About four years ago I had a computer tech do a housecall to set up my MikroTik rb750gr3 hex, and ever since, my XP Pro rig has been bulletproof. Since I am using Agnitum Outpost Firewall 2009, and no antivirus, I credit the hardware firewall for this. Anyway, it is time to upgrade to a ‘new’ computer with Win 7 Pro 64-bit. Do I need to have the computer tech make any changes to the router set-up to accommodate this?
The previous computer tech was wanting to make these changes, but I opted for a quick set-up instead, as he was charging $100 an hour:
Turn off UPnP, remote administration, ping,telnet,SSH, and HNAP; set ports to ‘stealth’.
Change SSID and username.
Change router’s DNS server to DNS.Watch or UncensoredDNS.
Change default IP address for router admin interface (change last two numbers in the LAN IP address).
Disable IPv6.
My new tech guy charges half that, and I have more spare cash to invest, so are the changes above worthwhile, or a bad idea?
Lastly, I was wondering about the possibility of using the router to blacklist or block IP addresses, sort of like the Hosts File or Peerblock. Does my model have an option like “content filtering”, to block specific URLs or IP ranges?
There are no dumb questions…dumb choices though…
Windows XP is ancient and Windows 7 is (less but still) ancient. You need to confront the computer tech with the fact that you are considering a no longer supprted OS (and he is not advicing Windows 10).
In regards to your router ( for which you started this topic): the changes are not necessary and can be made easily, no need from a tech needed. I would advice you to upgrade the RouterOS regularly to make sure that there are no security leaks.
MikroTik can filter anything. Perhaps running PiHole is a better (and more friendly) option.
I will not be fooling with the router myself, but it might be handy and wise to have some link or tutorial or something detailing how to upgrade the RouterOS to version 6.47.6, just in case. I’d rather not have the tech waste half-hour of my money searching the internet. If you can refer me to anything like that, I’d appreciate it.
Funny story…it took the previous tech about half hour of searching to find out you have to stick the end of a paper clip into the tiny hole of the router to get it to do something. I forgot what.
The previous tech got the boot because he decided XP Pro was beneath him, and would only deign work on Win 8/Win 10 trash, neither of which will ever darken my door. He forgot who was the employer and who was the employee. Who was paying and who was getting paid. A reminder was swift in coming, and his cheaper and less uppity replacement was found in about seven weeks. This tech guy does whatever the job requires without any griping, does it just as well, and either doesn't have an EOL/EOS attitude problem, or parks it at the door. Either way, a step up for me, plus he charges half what the previous one did, so instead of three housecalls per year, I can now double that.
Regarding "the changes are not necessary", does that mean they are bad changes, or just a waste of time?
The previous computer tech was wanting to make these changes …
Turn off UPnP, remote administration, ping,telnet,SSH, and HNAP; set ports to ‘stealth’.
Change SSID and username.
Change router’s DNS server to DNS.Watch or UncensoredDNS.
Change default IP address for router admin interface (change last two numbers in the LAN IP address).
Disable IPv6.
I’d say these are all sensible changes to make and already sorted in order of preference. I’d say items 1. and 2. are a must, the rest are optional, item 5. is debatable (if your ISP provides you with IPv6, why not start using it … could be it’s of no use for you being still in era of Windows XP which doesn’t support IPv6 out-of-the-box).
As @anav already mentioned, I’d add another item to the top of the list: upgrade router OS to latest long-term version.
I run XP in a VirtualBox VM for almost all browsing in a standard user setting to avoid web based attacks.
I changed the default port for router access and don’t have those settings saved in winbox so there is no clue how to get into the router.
If you want to get really sneaky you can designate an IP address for router access that is outside your normal range, like 192.168.1.111 but make sure that’s not
in your IP pool so you have to change from a DHCP address to the fixed address to get into the router.