Where to start...

[Dell Ray]

Hi, I have an AX58U(AX3000) that I'm using as a simple stand alone point of access router for a small home network; the router, my laptop, my mobile phone, a USB hard drive and my A/V components; a smart TV, A/V receiver, Blu-ray player, & streaming box.

I've had the router for a while and it has many settings that I don't use because I don't know enough about them and don't want to screw up my connectivity. However I've had what seems to be a couple of "near misses" as the saying goes (even though I disagree with the saying because isn't a near miss actually a hit?) and I would like to be able to confidently wrap my brain around the security features of this router.

I have the merlin wrt firmware and have for some time as well. It's actually the only thing I've done with it. I don't expect anyone to lay out a detailed map of what I should do because I know that's not what this is all about and everyone will have their own subjective opinion based on what works for them. But I could definitely use some guidance as to where I can get an outline geared toward the average person who does not have an IT background.

I'm basically looking for a starting point but also a where can I go from that because besides deciding on WPA 2 or WPA 3 and choosing login info, I really don't know much but I do know there are things I can do with my devices and this router to make things much more secure.

I don't have anything super sensitive but I do use both my laptop and phone for online shopping and mobile banking. I don't have a lot of money by any means but I don't need to have less than not a lot. Thank you in advance for any info into this.

 

[Crimliar]

The first thing is that you found these forums, just take everything you read with a pinch of salt - scepticism is a good thing!
You want to secure your local network, so use long complicated passwords for router login and WiFi, also turn off WPS (Wireless>WPS) and ICMP echo (Firewall>General), and don't allow access to the router login from WAN (Administration>System: Enable WEB access from WAN + Enable SSH(Lan Only)).
Remember this is a router, so keep it to doing router things - if you need a mini-server get a NAS, second-hand PC/capable thin client, or SBC.
Run Diversion or AdGuard Home on the router to block malicious sites, but if your ISP also blocks malicious sites by IP (Div or AGH blocking by DNS) you can still enable this.
If you are running any WEB facing servers then also enable Skynet, but if you need access from the internet just for yourself set up the router to act as a VPN server, but probably only make it available when you know you are going to need it!
Your router is going to be far happier if you keep what you are running on it to a minimum! But if you are on an xDSL (slow) connection, you might consider Conmon (Latency and see if connections are dropping), and SpdMerlin which you can use to set thresholds for QoS.
That should throw the cat amongst the pigeons, and get comments and suggestions started: There's no "right" solution, just an awful lot of opinions!

 

[Piotrek]

Router Security

Router Security Home Page

routersecurity.org

At least: the SHORT list
For more advanced security: the FULL list

 

[Tech9]

But I could definitely use some guidance

Keep it simple. Don't adopt someone else's ideas. Don't change settings you know little about. You don't really need any add-ons. You don't need to play with USB sticks. Plain Asuswrt-Merlin has plenty of options and works best. Just keep it updated as long as your router is supported.

 

[Piotrek]

Don't adopt someone else's ideas. Don't change settings you know little about.

That's right, but the short list includes basics such as changing the default password, setting Wi-Fi encryption, turn off WPS, UPnP, port forwarding, IPv6, update firmware, etc.

 

[Tech9]

There is no default password, port forwarding and IPv6 are disabled by default. Turning WPS and UPnP off may not be necessary and depends on the use case. IoT devices with one button use WPS. Games use UPnP. This was my 2nd advice to @Dell Ray - don't adopt someone else's ideas.