☠ It's time to secure your network. TP-Link may be banned in the USA soon but there are things you can do today to secure your router! Curious about making your home or business network safe from cyber attacks? Join me on this journey to learn how to secure your network. I'll explain why UPnP might be risky, the importance of changing your router's IP address, and introduce you to tools that can either defend or endanger your network. This isn't just tech jargon; it's practical advice wrapped in the excitement of cybersecurity. Watch until the end to gain the knowledge you need to protect your digital life in 2025 and beyond. Q: What are your thoughts? Shy? It's OK, please consider placing an emoji 🚀 in the comment area so I know you took the time to watch this video! Thanks in advance! Asus - amzn.to/49OZIVf MSI - amzn.to/3VQAwrC NETGEAR Nighthawk - amzn.to/40cAL1N Eero - amzn.to/41Qex8a Ubiquiti amzn.to/3qC554s NetGate amzn.to/3cXiTTv Peplink amzn.to/3OnTsHM UTT Router amzn.to/3nJBLaL TrendNET Router #1 amzn.to/3nVukx0 TrendNET Router #2 amzn.to/3IGxvm2 Small Battery Backup For Starlink - amzn.to/3ScbcrZ Get 1-Month FREE - Use My Starlink Referral jcristina.com/starlink Subscribe, Share, and Like if so inclined! Also, after watching, consider commenting! Can't wait to hear from you in the comments below this video! 1-Hour SpaceX Starlink Setup and Network Design Consultations are available at jcristina.com/product/1-hour-consultation Don't forget to join my Newsletter: jcristina.com/join Super Chats And All Channel Donations Are Warmly Welcome! Thank You! Get a massive discount with PureVPN by visiting jcristina.com/vpn I truly hope you enjoy the video and find value in it! If so, please consider Thumbs Up, Subscribe, and Becoming A Member Of The Channel! For Media & Business Relations Contact 📧 jcristina.com/contact Thank you for supporting the channel! Interested in any products that I personally use? Visit www.amazon.com/shop/jcristina or go to the bottom of this description for direct links. If you would like to get a FREE copy of the Prologue to "How To Create A Digital Fort Knox - Backing Up Your Digital Life" or one of my other FREE books, simply visit jcristina.com/books Consider subscribing to the channel, commenting below, and signing up for my newsletter at jcristina.com/join Interested in any products that I personally use? Visit www.amazon.com/shop/jcristina or go to the bottom of this description for direct links. Highlighted Starlink Hardware I Have Tested In The Past: [ Social Media & Additional Connections ] 📦 20% Off Everything jcristina.com - Code YT20 🆓 FREE eBook jcristina.com/ebook 🌒 Dark Moon Teas DarkMoonTeas.com 🎬 KZbin - kzbin.info 🔖 Twitter - twitter.com/JosephCristina 👀 Instagram - instagram.com/JosephCristina 👨‍💼 LinkedIn - www.linkedin.com/in/josephcristina 📖 Facebook - facebook.com/joseph.cristina 📰 Creative Discord Server - community.jcristina.com [ Equipment Used ] 💎 MB ] ASUS - PRIME X370-PRO ATX AM4 Motherboard - amzn.to/2rmR9LT 💎 CPU ] AMD - Ryzen 7 1700 3.0GHz 8-Core Processor - amzn.to/2pSCx4S 💎 GPU ] MSI - GeForce GTX 1070 8GB Video Card - amzn.to/2rndQ2o 💎 RAM ] Corsair - Vengeance LPX 32GB (2 x 16GB) DDR4-3000 - amzn.to/2qo8PIv 💎 DISPLAY ] Dell - UltraSharp 34” Curved Monitor - U3415W - amzn.to/2s6pvTs 💡 Video Lighting - amzn.to/2qrDOnH 🎬 Sony ZV-1 - amzn.to/3rFkfFj 🎬 Canon EOS R & Kit Lens - amzn.to/3lEZIC2 🎙 Electro-Voice RE-20 - amzn.to/37SoBQt 🎙 dbx 286s Compressor - amzn.to/39SLTYY The above are my Amazon affiliate links - if you purchase anything using the links above, you're supporting this channel at no additional cost to you! I appreciate your support!

As we speak, Chinese state-sponsored hackers broke into the U.S. Treasury Department.

I like a lot of what you said. You are not the first one to cover this on you tube. From what I understand, the tp link firmware is the problem. The solution is to to use a open source firmware such as OpenWRT. And one more thing I want to touch on is that, just about everything we have in America is made in China. Which is a big problem that previous democratic governing parties allowed to happen. There are US companies that use China for fabrication of US electronic goods. So we are openly giving China our technology. They are always saying that China is stealing our technology. No, we are giving it to them in a hand basket. Take Apple for example.

Great Show...Great Topic... Thank you!!!

Great video Joe! - Even understandable for the layman. - Thanks. - Cheers!

Hi Jay! Heard about the tp link problem and found you channel. Your deep understanding of this complicated niche is amazing……..however (there’s always a “But”,sorry)……..I love computing ……..as far as carrying out the “very simple” things…….i have absolutely no idea even where to begin! Such as: “give it the file”, is it on “automatic “, use a v-lan, firewall on?, and disabling DMZ and upnp (sp?)……..where do I go to figure these out? Thanks!

Just wanted to say Thank you for this video. Will try to Harden my TP link router, but will replace it once I have some cash. ( I am retired ) You said you can do a MAC filter, but I had a hacker use a tool to copy my MAC so he could enter my router.. Using the same tool, I as able to keep changing MAC addess to keep him from using or seeing my computer. but he was able to enter my router. Having issues with device not able to connected in Wifi and Wire.. one trick I learned was to keep a copy of the firmware and just reboot the router with the firmware I had on USB stick.. Thank you so much for your tips, Hope to see more in the future.

I currently have TP-Link Deco routers set up in both of my homes. My next step is to purchase two Ubiquiti Cloud Gateway Max routers, which I’ll place in front of the Deco routers. I’ll then downgrade the Decos to access points. It’s definitely not a cheap upgrade, but once that’s done, I plan to gradually phase out all TP-Link hardware and replace it entirely with Ubiquiti. This setup will finally allow me to establish a reliable site-to-site VPN between my homes-a goal I’ve been working towards for a while.

Awesome video Jay lots of information and great tips. What about adding a hardware firewall or reviewing some different offers and price ranges? (firewalla etc.)

I have been using various routers for many years and at one point I had a TP Link to use as a wireless bridge in my house. It was cheap and effective, but I also could see that there were issues with them security wise. I saved up the money and bought a Ubiquti Dream Machine to use as the router and firewall. This was a huge improvement and it wasn't that much more than a home grade router in cost. It also bring a LOT of security to the table for the average user. I even have a honeypot in place to distract the script kiddies from any connections I have open.

Great video! Love the simplicity of your discussion, I think most people can follow your instructions!

When I lived in town, my WiFi SSID was "NSA_Surveillance_Task_Force".... never had a single attempt. Some routers make it possible to block IP address ranges from certain hostile countries. Mine currently blocks China and Iran. When you do that, be sure to check your logs occasionally, you'll be amazed at the hits. My cameras are not only on a separate VLAN, they are not permitted to access the internet individually, they can only see the camera server. I can access the camverast with the video management software which allows me to access the system remotely through a VPN. Some of the setup is inconvenient, but that IS the point.

Thank you! Very helpful. Going to try these options instead of replacing the router....for now.

Thank you, great ways to explain

Definitely some great tips, brother! I may even take a look into some of them and see how I can harden my network as well. :)

Thank you for sharing. You may have heard this in your life before: it’s not you it’s me. Well this was over my head, I am in that age group. I have tp links galore. All I have to say is I either higher an it specialist or I scrap all my tp link. Guess what I am going to shop for all brand new Routers and mesh routers for a start. I think it’s the cheaper rout for me. You were helpful in as much as allowing me to decide off TP link. I’ll start with that and start educating myself. I need to go with the better routers and mesh anyway. I have been thinking it before it’s a reality thanks for your sharing.

Hey great tips & insights into how to better manage one's network, keep up the good work 👌🏻

Thanks ! At my home I have been using MAC-address filtering, disabled remote admin, changed the admin password, changed the SSID and I DO NOT BROADCAST the SSID ! (Maybe I should broadcast a SSID for guest access). Now I am going to change my router's IP-address and check SPI & DOS protection status.

Happy new year.

Happy New Year!! 🎉🎉🎉🎉

😊brilliant as usual

Does the ban include the TP-Link Omada hardware or just the consumer based equipment?

Thanks very much sir.

👍 Thank you

Let's not forget apps like TicToc defeat your router firewall.

Great video and great tips. First time viewer. I may have missed it while watching, but while WPA3 is recommended whenever possible, it is very likely a lot of IoT / Smart hubs will not support WPA3, hindering you r ability to manage them. Running in WPA2/3 hybrid mode with a complex password (14+ characters in length) may be required/ Just someithng to keep in minde while looking at replacements. Keep up the good work.

Change your TP-Link SSID to start with Netgear! Watch the hackers go crazy trying to break into your "Netgear" router. 🤣

Just a tip here as well if you are going to use mac adress filtering most phones now are automatically set to randomize their mac address when your on a wifi network and this is goog for instance if your going to be on public wifi however you will need to go into your wifi settings on your phone for your paticular network and set your mac address to be stable on your own personal private network so that every time your phone connects to the wifi it doesnt use a different mac address and get blocked this is also important for vpn clients on your router as well

Why I don't buy Leveno computers. They had an issue with the bios being suspect of having a back door.

Thank you for uploading this so quickly. Great stuff

Thanks

Very helpful.. Thank you. Getting rid of my TP-Link as soon as I can identify a competent non-China alternative.

Setup a Vlan for your cctv

Costco is still selling tplink

For password make it a usb key ez. run a port scanner against one's router to see if any port is "open". Most it security ppl do this. Run a geo block on China etc. My pihole does this with ease. Make your wifi signal range smaller so less ppl see it etc. Setup vlans and static ip scopes so nosbody else can be in network from outside. ez.

Ah...but what might be contained in that firmware update? 🤔😲 As far as MAC address whitelisting, I don’t specifically do it but it’s a bit easier than manually having to type everything. On my current TP-Link router, as with others I’ve had in the past, devices that join your local network have their IP and MAC address show automatically in the Security area of the router and you can simple choose them to either add to a blacklist or whitelist so it’s not too tedious a process. And I think most devices that you add to your LAN are automatically whitelisted until you specifically blacklist a device you don’t need or trust to be on your LAN.

How about flashing it with dd-wrt firmware to get rid of the security issues of OEM firmware.

Would a decent work around be to have a router in front of a TP Link Mesh System? Does the Starlink itself act as protection itself? I just recently changed to all TP Link to make the mesh system work better around my property & it works pretty good, but really don't want to change again. Recently went from Actuated to Standard (Gen2 to Gen3) Starlink & have the router bypassed to use the TP Link.

Have changed to UniFi express from tp link

❤. TP-Link also makes wireless extenders. I assume they are also suspect!!

Funny that you are talking about this. I happened to try going on the Office Depot site and received a message that it wasn't offered in my country. Figuring that this was strange I changed routers and didn't get the message. So why is my Netgear router used with Starlink I did get that message, but on the Linksys router used with the local internet company, I didn't. A lot of what you suggested is way over my head. Is this a service you provide?

Any thoughts on Linksys Extenders 😊

Great tips. Do you have a step by step check list available for download?

Great now the deco mesh routers are compromised, terrific

I am in the process of upgrading our home network and part of that was to move away from the integrated router / wifi device. I initially thought about building a pfsense router / firewall, but after seeing a number of positive reviews on the TP-Link ER605 V2, I decided to go that router. I had not yet put this device into service and now, I cannot install it with its current issues. It looks like I will be going back with pfsense as I had originally planned on doing. I checked both, DD-WRT and OpenWRT to see if they offered alternate firmware, but ilooks that is a no, at least for the time being.

UPNP simplifies for non network folks for port forwarding like for games.

If it quacks like a duck, it's a duck! Tunneling through your router via your cell phone apps defeats router firewalls. Some VPN apps are dirty apps.

Is omanda business grade router affected by hack?

Great video. Just before this story blewup against TP Link, I bought one of their new wifi 7 routers. I ended up turning it into an access point and installed Firewalla as my router. Any comment if that new TP-LINK router in access point mode creates a safer environment for my network? Many thanks for your time.

How about Dynamic Link to ISP server.

I just replaced my previous MESH system with a TPLink Wifi 7 MESH system from Costco. Guess where that system is going.....yes back to Costco. I don't like the configuration options on TPLink anyway, too little control for the end user. When will Elon come out with a consumer level (at least price level) MESH system? Thanks for all you do.

Have you used the RioRouter it’s has a built in VPN. Would love to see your thoughts on that router.

did you say to not broadcast the SSID?

I got a question who told you that in a couple of weeks the government is shutting down tplink I heard they only talking about it.

I tossed it, now I am concerned about their network switches.

Are TP-Link routers too cheap, or are the other manufacturers too expensive?

And you use the tplink app to change ip address? Probably compromised too?

i now really understand why my government is so afraid about this technology.

See, I even forgot the imogee 😬

Basically you want to treat your home network like you would a public WiFi. Use a unique passwords for WiFi and admin that is not used anywhere else - preferably randomly generated. Make sure firewalls are enabled on all internal devices. Use VPNs to protect your internet traffic to the router. If you can’t use a vpn, make sure you are using dns sec or dns over ssl. Don’t ignore ssl warnings. Run nmap on your home network to identify any open ports and secure or remove those devices. Use randomly generated password for internal devices that you can’t secure. You have to assume that any traffic that passes through your router can be intercepted. While the advice in the video is good, you really can’t trust the router therefore securing the router will not prevent an adversary from accessing your network. But the absolute best move is to throw that router in the trash and get another one that is not compromised.

🎉Happy New Year 🎉

Nothing in that coffee cup....

linksys is a good choice - manufactured in vietnam based in irvine,ca

Wow. Was just questioning my AI over the likely backdoor designs by Red China, and whether a firmware flash of Open-WRT would close the vulnerability on my TP-Link home router. The question is whether the CCP's accesses are thru logical firmware backdoors, hardware IC circuits, or both.

Some TP-Link routers can be flashed with open source routing firmware like DD-WRT. I know one of mine can, I just have it sitting in a box as a backup but since the company has questions about its security i'm probably gonna flash it with dd-wrt to get rid of any chinese crap on it... assuming there isn't some hardwired hardware bypass wired right into the router that can't be blocked with firmware... i'm thinking not likely and if it did probably open source firmware would prevent it from working. But i'm probably not going to be buying any more chinese made routers from this point forward, this kind of thing is happening too much now. It's why i buy just name brand android Samsung phones and not the cheap chinese android phones with who knows what backdoors inside them.

There's like 4+ pages of TP Link models listed on the OpenWRT hardware compatibility list .... Just Say'n........

to change to video quality from 1080p to 4k is 1 second

I have a couple problems with the advise you're giving here. 1. "Change the IP address of your router" Which IPs you choose out of the private IP address space has absolutely nothing to do with the security of your network. No device can see the address space until it is authenticated, and when the device is authenticated, it receives DHCP packets that program the NIC to use a specific IP on a specific subnet with a specific default gateway and DNS IPs. You could change the IP to something as random as 172.31.214.1, but any device that connects to the network will still immediately see this IP as they HAVE to in order to communicate properly. The default gateway is always going to be a router and any attacker will immediately port scan it to search for vulnerabilities. 2. "WiFi is usually how the majority of attackers get on your network" I don't think this is true. It's going to be incredibly rare for someone to go war-driving around your house or business and connect to your WiFi. It is much more likely they will get in by scanning a large number of public IP addresses and vulnerable ports. That being said, you should definitely test your guest network and ensure that it is impossible to traverse onto your private network from there.

They called people conspiracy theorists for suspecting TP Link.

TP-Link doesn't allow the setup of vlans

Seeing as I am using Starlink and don't have any security settings to mess with on their router, but I do use a TP Range extender and an old Router as a repeater because I have a couple of devices that need a DHCP connection. Since it is just piggy backing the same signal is there anything to worry about?

openwrt??

I just purchased router,Access Points, Managed switches etc. During Black Friday 😢

⚡️⚡️

You cannot access 192.168.x.x outside of your (LAN) home so there is not reason to change that unless you have other reason (you have multiple routers in your home ,etc),your router should't be reachable from the internet so you should disable that if the case . In my opinion UPNP is the main culprit and you SHOULD DISABLE that , many routers have that enabled by default and is BAD , really BAD ,imagine you buy a new IP camera to monitor your kid , garage etc and your router will make that IP camera available for anyone on the internet without you being aware of that . The rest is pretty much spot on !

Never buy Chinese IT equipment if your worried about security 🇨🇳

Life After TP-Link.

Ok now I know why … now my brain hurts, where’s the how ? I always hear … not only how ! But the why …. I want to hear how 😊

Happy New Year 2025 🙏

I have a TP switch in my main frame. I think I'm safe.

Good information but you didn’t tell me how to change my ip address most people don’t know how?

Finally My starlink came in. Thank God, who made this happened. wow is all i can on the internet services

This problem could extend beyond routers to managed switches and other devices that are behind a firewall. It is easier to exclude external (incoming) access with a firewall than it is to exclude outgoing traffic, particularly on a network with multiple devices. Writing firewall rules for all possibilities of outgoing traffic is nearly impossible for a home lab situation. Trying a new game may fail because it uses traffic that is not anticipated by the firewall. Securing against known vulnerabilities can be done, but locking down unanticipated traffic has side effects. In short, anything that functions as malware in a network is bad news, especially if it resides in hardware that is normally unregulated. Singling out TP-link is perhaps unfortunate because lots of American tech companies have H1-b visa holders working for them from China and other questionable countries. For instance, could someone from say Israel insert a vulnerability, either knowingly or not, into an American device only to have China or some other government exploit it. What about code snippets created by Chat-GPT? Could they be trained on malware and use it blindly. In short, TP-link is low hanging fruit. Beware of 'Bad guy removed, all better now.'

change my home route ip to the 10 net

Changing your LAN network IP is not going to help anything, and is only going to perpetuate a false sense of security. Your LAN network is not externally visible, since it is hidden behind the public address of your router via NAT. And if someone is already on your internal network, they already know your network address, as well as your router's IP, no matter what you change it to, because all that information is provided by DHCP.

Unfortunately this extends to everything made in other countries. If the American company is not checking the software or firmware that is being flashed to the device. My guess is most don't. Takes time. Cost money the device only cost 150.00. Not worth it. Trust us. Whatever. They're no more trustworthy than TP Link.

👍🏻👍🏻

I find the TP-Link issue to be unfortunate as I own one of their Intel based wifi 6 routers and it has been a TANK. Rock solid for 4 years. I don't as of yet have any devices that support WPA3 protocol, but the desktop and laptops can be upgraded easily enough. The phone would have to be replaced and I'm not ready to do that yet, not to mention that I have it on 5G most of the time anyway with its wifi OFF. But, at least for me, this comes at the worst possible time and openwrt and ddwrt aren't options for the router. I checked (I don't like changing stuff that just WORKS after a little configuration, of course, unless I have a good reason for doing so. Can you blame me?) 😭. Not shilling for TP-Link at all and trying to approach this issue with an open mind, but, hey, I have to say where I stand on this issue and this will be diverting resources (money) that I need to be spending on other items 😡.

❤

😊

What about all the other smart devices made in China? Are they going to be banned too? In other words, I have to throw out all of my televisions and other electronics etc?

👍

😢

To secure, just don't use that router.

👍🙋🍨