Depending on your router, you
can choose to allow guests to see
each other on the guest network
without giving them access to your
main network, plus set a limit on
the number of devices that can
be connected simultaneously—
consider reducing this to one or
two, depending on who is visiting.
Synology users can also set up a
Guest Portal that can be used to set
time limits on guests’ usage of your
network.MAC ADDRESS FILTERING
Another common way to restrict
what devices can access your
wireless network is to set up MAC
address filtering. Each device is
identified using a unique MAC
address—six two-digit hexadecimal
codes such as ‘00:0a:95:9d:68:16’ —
that helps identify it when it’s
connected to your network.
A MAC address filter allows you
to set up a list of allowed devicesbased on their MAC address, which
in theory, blocks any other device
from accessing your network or the
internet, even if they successfully
connect to your Wi-Fi network. The
settings are usually easy to find,
Archer VR900 users, for example,
should navigate to ‘Advanced >
Wireless > MAC Filtering’. Choose
‘Allow wireless access only from
the devices in the list below’, then
click Add to enable them one by one.
Your router should have already
detected which devices are
connected to your network, enabling
you to identify them by name and
assigned IP address to simplify the
initial setup. If not, then use a free
tool called Advanced IP Scanner
(www.advanced-ip-scanner.com)
to generate a complete list.
MAC filtering isn’t bulletproof
because it’s possible for devices to
spoof their MAC address, but for a
hacker to gain access, they’d need
to know which MAC addresses had
been whitelisted and use a tool like
Technitium MAC Address Changer
(https://technitium.com/tmac/). It
may not be a perfect solution but
filtering the MAC address is still a
stumbling block worth considering.DISABLE DHCP
In a similar vein, you could also
disable your router’s DHCP server,
which is responsible for allocating
IP addresses to devices as they
connect to your network. DHCP is
almost like rolling out the welcome
mat, and while convenient, you may
feel it’s a better idea to disable
it altogether and rely on devices
being manually configured with
the three key things they need to
connect: your router’s IP address
as the gateway, the subnet mask
(255.255.255.0) and a unique IP
address based on the same subnet
as your router, so 19 2. 16 8.x.y, where
‘x’ matches that of your router, but
‘y’ is a number between 0 and 255
not allocated to any other device.
If you go down this route, it’s
worth creating a list of all your
connected devices (Advanced IP
Scanner could help here) and then
allocating IP addresses to each
one before you apply them in turn.
Taking your Windows 11 PC as an
example, you’d navigate to ‘Settings
> Network & Internet’ and then
click Wi-Fi or Ethernet (for wired
connections) followed by Edit next
to ‘IP assignment’.DD-WRT INSTALLATION
If your router is showing
signs of its age, but you
don’t want to upgrade,
then visit the DD-WRT
webpage https://dd-wrt.
com/support/router-
database/ and see if your
router model is listed as
being compatible with the
free DD-WRT alternative
firmware. If not, consider
an affordable upgrade, such
as the Archer C7 ($4 4 for
the AC1 750 model) that can
be flashed with DD-WRT.
DD-WRT adds useful
functionality to consumer-
grade routers, including
additional security tools,
such as a firewall, VLAN
support, and a VPN
server. It’s also frequently
updated, so your router
stays up to date. Not all
features are available
on each device, so after
confirming compatibility
try Googling your model
number and ‘dd-wrt’ to see
how others have fared.
Although the main
DD-WRT interface is
straightforward tonavigate, some features
require a degree of
technical know-how, which
is why you should take a
deep dive into the DD-WRT
wiki (go to https://forum.
dd-wrt.com/wiki/ and
click Tutorials) to see what
level of complexity certain
features require—the
OpenVPN server is one
such example.
In addition, installing
DD-WRT could also
potentially ‘brick’ your
router, so make sure you
familiarize yourself with
the procedure, take your
time, and download a copy
of your manufacturer’sfirmware first in case
something goes wrong. If
you do ‘brick’ your router,
you may be able to recover
from it via a hard reset or
by using TFTP to restore
your original firmware.
You can access a TFTP
client in Windows 11 via the
‘Turn Windows features
on or off’ tool, and see
https://forum.dd-wrt.com/
wiki/index.php/Recover_
from_a_Bad_Flash
for details of recovery
procedures if you need
them. Remember, if you
decide to install DD-WRT
on your router, you do so
entirely at your own risk.DD-WRTworkswith a wide range ofroutersAssign IP
addresses
manually
and disable
your DHCP
servernetworking security guide