Advice Request security for a paranoid elder

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 69673

mathok87 said:
Wow thank you everyone for all this information! Plenty to sort through and great recommendations! Here is what I'm considering at the moment:

- Antivirus: F-Secure or Kaspersky Internet Security (doesn't look like I'd really need Total Security package). Also will present Microsoft Defender as an option but he'll probably feel better paying for something he feels is even more secure.

- Firewall: Fort Knox (seems pretty complete), TinyWall (doesn't list protection from "outbound" attacks), Comodo (seems appealing especially with Cruelsister settings - is there significant benefit over the other options?)

- Other considerations: Definitely will Harden Windows, VoodooShield Free looks like a worthwhile security addition, KVRT as additional scan option.

Beyond all this his ISP supplied router is old however it lacks WPS which he likes. He's read that WPS sometimes isn't entirely disabled on routers when done through the router interface (I haven't come across this myself). To that end is it likely one could actually encounter attacks directed at the router itself circumventing the software security options above? I'd doubt it but I'm not qualified to back my doubts up. I've always setup my routers with the following guide in mind:

heimdalsecurity.com

Home Network Security. Secure your Wireless Router & Devices

Enhance your home wireless network security by correctly configuring your Wi-Fi router and connected devices. Step by step guide with examples.
heimdalsecurity.com heimdalsecurity.com

With that guide in mind is there really specific 3rd party routers worth considering with further security in mind? As stated I'd presume any half decent router with standard security setup should be absolutely fine with above software options but if there's something with tangible benefit that's not a fortune I can direct it to him for consideration.

By the way my dad doesn't engage in anything nefarious but rather just standard internet browsing. His biggest fear as it stands is suffering a network infection that would log his information when he uses his Chromebook for internet banking. Said Chromebook is only used for this purpose and is otherwise turned off.

Again thanks again everyone for this.
Click to expand...

If you do decide to use Voodooshield, Dan used to give free Pro lic to MT members. Wink Wink
 
  • Like
Reactions: Zartarra
M

mathok87

New Member
Thread author
Jan 5, 2022
5
JoyousBudweiser said:
Mikrotik routers support DNS over HTTPS (Doh), am running NextDNS doh on my Mikrotik, it has a pretty decent firewall too.
View attachment 263460
Click to expand...
Intriguing. I have a Mikrotik router myself and that would be a good configuration addition. I see that NextDNS is free up to 300000 queries a month which I'd presume would be sufficient for average use. With these Mikrotik router settings do you also register an account with NextDNS or do these routers simply have blanket access?
 
  • Like
Reactions: Brahman
S

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
mathok87 said:
Intriguing. I have a Mikrotik router myself and that would be a good configuration addition. I see that NextDNS is free up to 300000 queries a month which I'd presume would be sufficient for average use. With these Mikrotik router settings do you also register an account with NextDNS or do these routers simply have blanket access?
Click to expand...
If you dont register with NextDNS your configuration will be deleted after 7 days, and if theres not more than 4 devices thats actively used like phones, tablets and computers then the 300k querie limit will never be reached, my phone and my computer uses the same config and I get at max 150k per month.
 
  • Like
Reactions: oldschool and Brahman
Brahman

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
886
mathok87 said:
Intriguing. I have a Mikrotik router myself and that would be a good configuration addition. I see that NextDNS is free up to 300000 queries a month which I'd presume would be sufficient for average use. With these Mikrotik router settings do you also register an account with NextDNS or do these routers simply have blanket access?
Click to expand...
Registration is also free and you also get logs of all the queries ( you can switch it off too) on creating the account. How to configure nextdns in mikrotik is given in the settings page of nextdns. Just go to device- routers- scroll down...that's it.
You can force every non encrypted DNS query from the devices ( via port 53) connected to the router to go through the router DOH by using the given firewall rule. The same rule can be repeated for traffic through port 5353 too, just change "port=53" to "port=5353" at the end of the rule.
/ip firewall nat

add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=udp dst-port=53
Click to expand...
 
Last edited:
  • Like
Reactions: oldschool

Similar threads

Amnesia
    • Like
Advice Request Decade old Firewall hardware, a huge security risk or beneficial under the right usage?
Replies
9
Views
344
General Security Discussions
simmerskool
simmerskool
Cleo
    • Like
Advice Request pfSense, OPNsense, Neutrino
Replies
1
Views
120
ChromeOS & Linux
Bot
Bot
simmerskool
Advice Request VMware 17.6.0 network glitch
Replies
6
Views
251
VM and Remote Access
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top