I agree that there probably is a pretty low risk of someone at Rogers playing around with your network with malicious intent.
But that is not my main worry.
The knowledge level of many CSRs is fairly low - I am more worried about ignorance than malevolence. If I call in with a problem with my internet service I worry that they are going to try to "fix" the problem by changing something in my network configuration. Don't forget the case a couple of months ago when Rogers continued to insist that there was no problem with this device in bridge mode when dozens of users were having persistent crashing.
For example, I believe the default subnet for this gateway is 192.168.0.X and the router gets an IP of 192.168.0.1. Let's say I decide to change this to 192.168.1.1 and my subnet to 192.168.1.X or I decide to change my subnet mask to 255.255.254.0. If the Rogers CSR changes these back to the default then they will likely F up my LAN.
Another reason to not use this device in gateway mode is that it seems to screw up VOIP devices, like my Vonage adapter. I have used Vonage for many years with multiple Rogers modems and in a default state with the CGN3 I got one way voice with Vonage - I could hear the other party but they couldn't hear me, or vice-versa. I have never had this problem in bridge modem using at least three different routers (Linksys WRT54G, Asus RT-N16, Asus RT-N66U).
I can most certainly attest to the "ignorance" factor re: CSR's. My rule of thumb is to try to call at least 3x and hopefully there will at least be a 2 out of 3 answer that makes sense... Kidding, but not really. I am consistently amazed at how much more I know about many of my issues than they do, and it should not be that way since I am not an expert!
That said, if the defaults work OK for me, is there an inherent "good practice" reason for me to change away from defaults if I don't need to? Does this compromise my sytem in any tangible way (i.e. re: secutitry among others?)
While may not remove it fully.. there are/were some WPS vulnerabilities out there..
Turning it off MIGHT lessen the chance of one of these happening.
(this can happen on ALOT of 3rd party routers as well with WPS)
You could change it over from WPA/WPA2 to just straight WPA.
Is WPA bad? No.. just WPA2 is better.. and if you dont have any devices which specifically need just WPA only.. may as well remove it from there any chance of something exploiting it, etc.
I have disabled WPS on both WiFi bands, and have changed the security from WPA/WPA2 to straight WPA2. Encryption method is TKIP/AES with a strong passphrase.
With reference to other parts of the thread, I did see in the user admin screens that there is a way to chage DNS at the hardware level if I choose to/need to. For now I will leave it as "auto" until/unless I have any problems.
BTW it is now more than 72 hours and no firmware upgrade from 126.96.36.199 so I think I will call them later and ask about it.
There is a DNS page on the CGN3.. which appears you can change it there.. not sure on how well it works though.. i do it at the DEVICE level myself.
Oh! one thing to change there on your wireless setup.
Move it over to AES only.
Many people have found, if the device connect viat TKIP, it can be throttled down to the 54mb range.
I have the Hitron CGN3 modem ...
One desktop is direct via CAT5 cable to one of the ports on the CGN3.
Hooked up the Netgear WNR1000 Router directly to one of the ports on the CGN3 (this is strictly for the Smart Home Monitoring).
Hooked up the Asus N600 RT-N53 Dual Band Router to one of the ports on the CGN3 ... this gives me better range and signal from the front of the house on the second floor to the desktop (wirelessly using 5GHz) that is hooked up to the TV in the Living Room on the main floor at the back of the house.
PERFECT Signals on the Asus 5GHz band!!!
I link my laptops wirelessly to the 2.4GHz band of the Asus Router on the mainfloor and 5GHz for my Samsung Tablets on the mainfloor.
The Samsung Phones are via 5GHz to the Asus on the Mainfloor
When on the second floor I use the 5GHz for the CGN3 ...
Hitron CGN3 - "Security: Logs Screen" is not available
From the manual for Hitron CGN3 User's guide, https://www.midco.com/contentassets/87322b7ed6b04cabb102fe22607bc4d1/hitron-modem-user-guide-cgn3-re..., page 104 describes a Security: Logs Screen.
After speaking with Roger's technical support, I understood that the Roger's firmware removes this feature.
I assume this screen would allow for inspecting internet access logs through the router? This could be a useful feature for parental control, to view a history of internet access.
What is the reason this feature was removed? Is there a way customers can enable it?
Welcome to the Rogers Community Forums!
I can understand how disappointing it is to find out there are additional features on your modem that you are unable to access at this time. =(
The modems produced by Hitron are used by many Internet Service Providers (ISP's) worldwide who may request specific features. Instead of manufacturing devices with a specific feature set for each ISP, they include everything and then allow the ISP's to modify the software to enable or disable the features that they prefer. Regrettably, we are not privy to the reasoning why this feature has been disabled and there is no way for customers to enable this on their modems.
For those customers who would like more control over the features on their modem, we recommend using a Third Party Router and putting the modem in Bridge mode so it operates as a standalone modem only. I know this may not be an ideal response but there are many users in the Community that can recommend a good Router and help you configure it too!
Thank you for posting your concern in the Community.