Securing a router & wireless network is very important because if you don't, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you're doing. Even worse, hackers can use your internet connection to upload illegal materials and steal your personal financial information. Unfortunately many consumer and small-business routers come with insecure default configurations, have undocumente
d backdoor accounts, expose legacy services and have firmware that is riddled with basic flaws. Below are some helpful tips that will make your home or business network much more secure.
Avoid using routers supplied by ISPs. These routers are typically less secure than those sold by manufacturers to consumers. They often have hard-coded remote support credentials that users can't change and patches for their customized firmware versions lag behind patches for the same flaws released by router manufacturers.
Change the default admin password. Many routers come with default administrator passwords and attackers constantly try to break into devices using these publicly known credentials. After you connect to the router’s management interface for the first time through your browser — the address should be the router’s default IP address found on its bottom sticker or found in the set-up guide — make sure the first thing you do is change the password.
The router's web-based management interface should not be reachable from the internet. For most users, managing the router from outside the LAN (local area network) is not necessary. If remote management is needed, consider using a VPN (virtual private network) solution to establish a secure channel to the local network first and then access the router's interface.
Choose a complex Wi-Fi password and a strong security protocol. WPA2 (Wi-Fi Protected Access II) should be the option of choice, as the older WPA and WEP are susceptible to brute-force attacks. If the router offers the option, create a guest wireless network, also protected with WPA2 and a strong password. Let visitors or friends use this isolated guest network instead of your main one. They might not have malicious intentions, but their devices might be compromised or infected with malware.
Disable WPS (Wi-Fi Protected Setup). This is a rarely used feature designed to help users set up Wi-Fi networks easily by using a PIN printed on a sticker. However, a serious vulnerability was found in many vendor implementations of WPS a few years ago that allows hackers to break into networks. Because it's hard to determine which specific router models and firmware versions are vulnerable, it's best to simply turn off this feature on routers that allow it. Instead, you can connect to the router via a wired connection and access its web-based management interface and, for example, configure Wi-Fi with WPA2 and a custom password (no WPS needed).
Keep your router's firmware up to date. Some routers allow checking for firmware updates directly from the interface while others even have an automatic update feature. Sometimes these checks might be broken due to changes to the manufacturer's servers over the years. It's a good idea to regularly check the manufacturer's support website manually for firmware updates for your router model.