If you'd like, I will simply list the things that I normally do to help secure WiFi routers that I install.....use as much or as little as makes sense to you.
The VERY FIRST thing that I do is reset the default logon password (page 12) to something that I would use (and that isn't already known to the rest of the world as being the default password for your N300 WNR2000v4.....in this case, the default password that you need to change is "password" and while it doesn't have to be particularly hardened, it should be something that is not only easy for you to remember but also should contain at least one special character, a numeral and both upper and lower case letters - a reasonable example for your situation might be a person, pet, or vehicle that you can apply those parameters to - such as Cr0wn-V1ctoria - upper/lower case, numerals and a special character describing an earlier car you might once have owned.....
The next thing I would do is change the default LAN IP to something different from the default of 192.168.1.1 --- use 192.168.10.1 for the new router address for example. (page 49)
Then I would shrink the DHCP pool down to a more reasonable size and have it start and end more in the middle of your available range.....so instead of serving addresses to over 250 potential LAN clients (the default range is 192.168.1.2 to 192.168.254) I would limit the range to include 20 potential LAN clients and have it start somewhere in the middle, like 192.168.10.180 to 192.168.10.199 -- (page 50) 20 DHCP clients should be more than enough to meet your normal networking needs unless you have a GOB of devices on your network.
Name the SSID (page 28) to your desired name (DeniroNet just as an example) and here is where I would make a password that not only contains upper/lower case, numerals and special characters, but also runs out to 14 characters in length.....this is the password that you use for joining your WiFi network using WPA2 personal with PSK and AES encryption (the default shown on page 30). "MySt00p1dDawg!" for example would be a strong WPA2 passphrase....exactly 14 characters without the quotes, using special characters, numerals, and upper/lower case letters yet easily remembered without having to write it down somewhere.
One other thing that I prefer to do is disable the WPS button on the router so that I can't inadvertently muck up my wireless network......your router does NOT have the option to disable WPS.
Looking further at the remote access options that your router has (and the defaults that it comes with) I don't see any further changes for you.....there is no option for SSH or Telnet access listed, and the WAN Access defaults look fine to me.
Just a few more items in closing.....when you change the routers' internal IP address from the default setting, you will have to log back into the internal control page by directing your browser to the new IP address that you just set -- the default "http://www.routerlogin.net" may no longer get you there. So using our example above, once you reset the IP address to be 192.168.10.1, you will most likely need to send your browser to that address to continue making your changes to setup for your installation.
...and of course, you've already seen that when you change the SSID and the security passphrase to something other than the defaults that Netgear set originally, you will need to join your NEW wireless network instead of the original NETGEAR WiFI network that was originally being broadcast....and use the new passphrase that you set instead of the hard to remember one that is written on the label on the back of your router.
Hope all this doesn't put xx's in your eyes by being too inherently geeky....
