Fibre broadband

[Kklee]

On 11/23/2025 at 3:43 PM, Voodooman said:

It is a risk that as we add more devices to our home network, even from reputable manufacturers, the network may be hacked.   There are many professional hackers and criminal gangs in Cambodia, Laos and Russia looking full time for at such vulnerabilities and I think it will come.

For those who are good with network security, Kindly advise and share how a good router with high end security features can prevent such hacking (what to look out for) or it may make sense to use 2 routers, one for third parties devices like IoT (digital lock, smart lighting, etc), smart tv, tv boxes, smart speakers, smart fridge, etc and one for our personal phones, laptops and security devices, etc. Adding a 5G mobile router is very cheap these days.

IMHO.
Can find an ISP which using CGNAT,  more difficult to be hacked as don't have fixed IP.
Wireless network,  allocate based on fixed IP - so new devices cannot access.
5G router also good idea to use solely for IoT -  if the devices poor security got hacked,  your main network is not compromised.

Added.
If the manufacturer stop supporting your router(s),  change it. 

Edited November 24, 2025 by Kklee

[Kklee]

On 11/23/2025 at 4:27 PM, Tkseah said:

U young liao.. think I started with 9600bps modem...

IMHO.
9600 is fast.  🤣

[Playtime]

On 11/24/2025 at 1:42 PM, Kklee said:

IMHO.
Can find an ISP which using CGNAT,  more difficult to be hacked as don't have fixed IP.
Wireless network,  allocate based on fixed IP - so new devices cannot access.
5G router also good idea to use solely for IoT -  if the devices poor security got hacked,  your main network is not compromised.

Added.
If the manufacturer stop supporting your router(s),  change it. 

Knn these days,  open the wrong email will also kenna call up go attend cyber security training 🤨

Sometimes those emails are actually from IT department to trap you 😡

 

[Kklee]

On 11/24/2025 at 8:50 AM, Playtime said:

Knn these days,  open the wrong email will also kenna call up go attend cyber security training 🤨

Sometimes those emails are actually from IT department to trap you 😡

 

IMHO.
Usually i use PC to assess email, can hover the links. 
I don't usually click on emails. 🤣

[Voodooman]

On 11/23/2025 at 8:04 PM, Rayleigh said:

Look for router with CSA label: CyberSecurity Labelling Scheme (CLS) (Level 5 is max). Think Asus router has CLS label at level 5. 

Thanks for sharing. Just checked, my Asus router comes with level 4 rating.  Think 4 is the highest but I might be wrong.

Ok. Now I can probably sleep better.  My friend said I am paranoid but given everything we do these days are done online and I am adding more IoT devices every year to my home network, it doesn't hurt to be careful.  Lots of scammers out there. 

[Rayleigh]

On 11/24/2025 at 9:44 AM, Voodooman said:

Thanks for sharing. Just checked, my Asus router comes with level 4 rating.  Think 4 is the highest but I might be wrong.

Ok. Now I can probably sleep better.  My friend said I am paranoid but given everything we do these days are done online and I am adding more IoT devices every year to my home network, it doesn't hurt to be careful.  Lots of scammers out there. 

My bad, maximum rating is 4 and NOT 5. Yap, we would not want our IoT devices with back door access to monitor us unexpectedly. More importantly to be vulnerably compromised by malware or attacks. 

Edited November 24, 2025 by Rayleigh

[Voodooman]

On 11/24/2025 at 8:42 AM, Kklee said:

IMHO.
Can find an ISP which using CGNAT,  more difficult to be hacked as don't have fixed IP.
Wireless network,  allocate based on fixed IP - so new devices cannot access.
5G router also good idea to use solely for IoT -  if the devices poor security got hacked,  your main network is not compromised.

Added.
If the manufacturer stop supporting your router(s),  change it. 

Thanks for sharing.  I will consider a Simba 5G plan for my IoT devices and TV box.  I am quite an IT noob, don't understand things like CGNAT, so guess best to segregate and keep my main network to just a few trusted devices. 

[Kklee]

On 11/24/2025 at 10:27 AM, Voodooman said:

Thanks for sharing.  I will consider a Simba 5G plan for my IoT devices and TV box.  I am quite an IT noob, don't understand things like CGNAT, so guess best to segregate and keep my main network to just a few trusted devices. 

IMHO.
Using 5G router is not straight forward. 
IIRC, generally, if you are not on Singtel,  M1 or Starhub,  you're using CGNAT.
Mobile plans by default is CGNAT.

You can also keep the network separated by using separate routers on the same network. 

[Tkseah]

On 11/24/2025 at 10:27 AM, Voodooman said:

Thanks for sharing.  I will consider a Simba 5G plan for my IoT devices and TV box.  I am quite an IT noob, don't understand things like CGNAT, so guess best to segregate and keep my main network to just a few trusted devices. 

Checked my TP-Link router is only CLS level 1.. I mitigate the IoT device risk a bit by putting them on the guest network.. 

My main network is configured as dual band 5ghz and 2.4ghz.. while my guest network is configured as single band 2.4ghz, which is good since many IoT devices only support 2.4ghz and may face issue in a dual band network.

Edited November 24, 2025 by Tkseah

[Voodooman]

On 11/24/2025 at 10:36 AM, Kklee said:

IMHO.
Using 5G router is not straight forward. 
IIRC, generally, if you are not on Singtel,  M1 or Starhub,  you're using CGNAT.
Mobile plans by default is CGNAT.

You can also keep the network separated by using separate routers on the same network. 

Noob question, can I connect 2 routers to 1 ONT?  

[Voodooman]

On 11/24/2025 at 10:52 AM, Tkseah said:

Checked my TP-Link router is only CLS level 1.. I mitigate the IoT device risk a bit by putting them on the guest network.. 

My main network is configured as dual band 5ghz and 2.4ghz.. while my guest network is configured as single band 2.4ghz, which is good since many IoT devices only support 2.4ghz and may face issue in a dual band network.

This setup will be easiest to achieve without additional cost but not sure if it will prevents devices connected on one band from communicating/tapping into devices on the other and allowing third party devices access to the router? The first line of defence is probably the router. 

Can it effectively isolate the two groups even though they share the same router? 

 

[Voodooman]

On 11/24/2025 at 10:52 AM, Tkseah said:

Checked my TP-Link router is only CLS level 1.. I mitigate the IoT device risk a bit by putting them on the guest network.. 

My main network is configured as dual band 5ghz and 2.4ghz.. while my guest network is configured as single band 2.4ghz, which is good since many IoT devices only support 2.4ghz and may face issue in a dual band network.

I asked Perplexity and got this answer. Your method seems to work.

To protect your home network:
•    Change default passwords on all IoT devices.
•    Keep device firmware updated.
•    Use network segmentation by placing IoT devices on a separate guest or VLAN network isolated from your main router network.
•    Disable unnecessary services and remote access on both your router and IoT devices.
•    Monitor network activity for unusual behavior.
In summary, compromised IoT devices can serve as a threat vector for hacking your home router and network, so securing these devices and isolating them is crucial for safeguarding your home network from such attacks.

[Kklee]

On 11/24/2025 at 11:22 AM, Voodooman said:

Noob question, can I connect 2 routers to 1 ONT?  

IMHO.
Short answer is can - if it works for you.  I did that no issue.
My last experience was ONT <-  Router-A <- Router-B   
Router-A for wired,  Router-B for Wireless
Also connected to Router-A was AP through Coaxial.

I recently have a TPLINK x50-5G.    I have 2xSSID normal and one for IOT. 

P.S.   See my edit.    AFAIK,  ONT can only connect 1 router.   If you need 2, you connect the other to the existing Router i.e. Router-A above.

 

Edited November 24, 2025 by Kklee

[jcmm]

On 11/24/2025 at 11:22 AM, Voodooman said:

Noob question, can I connect 2 routers to 1 ONT?  

U can connect 2 routers to 1 ONT.

1) Main router and the other AP/Mesh.

2) 1+1 internet connection.  

Another which was mentioned by Kklee... but it is main router connecting directly to ONT while another router connect to the main router. 

Edited November 24, 2025 by jcmm

[Lala81]

On 11/24/2025 at 11:33 AM, Voodooman said:

I asked Perplexity and got this answer. Your method seems to work.

To protect your home network:
•    Change default passwords on all IoT devices.
•    Keep device firmware updated.
•    Use network segmentation by placing IoT devices on a separate guest or VLAN network isolated from your main router network.
•    Disable unnecessary services and remote access on both your router and IoT devices.
•    Monitor network activity for unusual behavior.
In summary, compromised IoT devices can serve as a threat vector for hacking your home router and network, so securing these devices and isolating them is crucial for safeguarding your home network from such attacks.

I don't think so much re: home network security nowadays. Cos phone security is just lot more important than home network security nowadays.
Given that every verification method goes through your phone app/phone number. 

Since I don't have cloud access CCTV in the house, that eliminates most privacy concerns.

 

 

Edited November 24, 2025 by Lala81

[Kb27]

Now, I don't bother with IoT. I just put them in guest network.

[Voodooman]

On 11/24/2025 at 1:50 PM, Lala81 said:

I don't think so much re: home network security nowadays. Cos phone security is just lot more important than home network security nowadays.
Given that every verification method goes through your phone app/phone number. 

Since I don't have cloud access CCTV in the house, that eliminates most privacy concerns.

 

 

I have less concern over phone security as I am using an iphone and it is a closed ecosystem.  There are Apple professionals looking after the cybersecurity part on my behalf and I am just a nobody, so I doubt anyone will hack into Apple ecosystem just to capture my passwords and access my accounts. By the way, 2FA is default for me after one of my accounts was nearly hacked years ago.

But I read recently that malware can be planted via IoT and or other streaming devices, which can compromise one's home network and personal information, criminals can use it to intercept data, or even manipulate router settings. That got me thinking if I need to beef up my home wifi set up.  It is like accessing my ebanking account on public wifi network, you don't know who/ what is lurking in the background. Maybe I am paranoid but i think this risk is becoming more and more real.

[Ghgan]

On 11/24/2025 at 8:50 AM, Playtime said:

Knn these days,  open the wrong email will also kenna call up go attend cyber security training 🤨

Sometimes those emails are actually from IT department to trap you 😡

 

Eversince the Singhealth data breached, almost all IT dept need to address the cyber security issues and it was found the weakest link is the staff. Many many moons ago, when cyber security is not the main focus, IT dept can't be bother with cyber security, no regular patch updates, just make sure anti-virus or anti-spam software are up to date can already. Now more resource is allocated to cyber security, conduct cyber security training and conduct entrapment drill on staff all due to cyber security audit requirements. Don't blame the IT dept, they are just following instructions from the top. Furthermore most IT dept are running on skeleton crew and double as cyber security roles. Really is pai tan.