Always bridge your network from the ISP. It doesn’t insulate you from an attack, but it insulates the damage they could do. The ISPs are going to mandate that you use CWMP if you want support. I personally bought a Motorola Surfboard and told my ISP that I just need the bridge information. They don’t support anything unless the connection drops. This isn’t ideal for most home users.
My suggestion to most FReepers is to NOT use your ISP’s router for direct connections to computers or the ISP wireless connection. You might be sold a bill of goods on what they support if you use their native wireless, but it’s not worth the security headache. Buy a cheap Linksys or Netgear wireless router/switch and learn how to configure it yourself. Don’t let ANY company say they’re securing you. They’re not.
Thanks for the advice. I feel better about this Netgear router already, although at about ten years old I am trying harder and harder to find a suitable replacement before its EOL becomes clear.