Pinterest Stumbleupon Whatsapp
Advertisement

Default router settings put your network at risk Why Your Router Is A Security Risk & How To Fix It Why Your Router Is A Security Risk & How To Fix It Read More . Not only could strangers in your vicinity use your Wi-Fi without your permission, their freeloading could subsequently reduce your bandwidth, and exhaust your data allowance.

More worryingly, their actions even get you in trouble if they used your network for illegal activities, whether downloading copyrighted material or hacking into your devices. Default settings could also invite wannabe hackers to log into your network’s admin panel and hijack your settings.

We have summarized the standard router settings that can prevent leeching and unauthorized access to your network.

Basic Router Security Settings

The following are the bare minimum security-related settings. They’re easy to set up. Connect your computer to your router using a LAN cable and log in using the router IP address and – unless you already changed them – the manufacturer-provided administrator username and password.

If your router interface doesn’t immediately reveal the settings listed below or doesn’t look like the example screenshots, I recommend you to consult your router’s manual; you can probably find it online. Many manufacturers, including Linksys and Netgear, also offer detailed support pages.

Change Default Administrator Credentials

The default username and password you use to log into your router are often the same for thousands of other devices Does Your Default Router Configuration Make You Vulnerable to Hackers & Scammers? Does Your Default Router Configuration Make You Vulnerable to Hackers & Scammers? Routers rarely arrive in a secure state, but even if you have taken the time to configure your wireless (or wired) router correctly, it can still prove to be the weak link. Read More and they can be looked up online. Thus log into your router and change both. Since you use a browser to log into your router, you can store the new login credentials in a password manager 9 Password Managers to Make Use Of [We Ask You Results] 9 Password Managers to Make Use Of [We Ask You Results] Creating and remembering passwords for every website you interact with is a real pain in the ass. Unfortunately, it's also essential. Read More like LastPass. If only you or family members have physical access to your router, there is no harm in putting a sticker with the username and password onto your router.

Advertisement

Linksys Router Settings

The settings above are for a Linksys router.

Set a Wireless Password or Passphrase

While you’re logged into your router, make sure you have set a password for your Wi-Fi. As mentioned above, an open Wi-Fi network can have all sorts of negative consequences. However, a password that’s easy to crack is almost as bad as no password at all. To be safe, use WPA2 level encryption WPA2, WEP, And Friends: What's The Best Way To Encrypt Your Wi-Fi? WPA2, WEP, And Friends: What's The Best Way To Encrypt Your Wi-Fi? When setting up wireless encryption on your router, you'll come across a variety of confusing terms -- WPA2, WPA, WEP, WPA-Personal, and WPA-Enterprise. Read More because anything else is too easy to bypass.

enable-wpa2-on-router.png

Turn Off WPS

Wi-Fi Protected Setup (WPS) is a wireless standard that makes it very easy to set up an encrypted wireless connection. To give a device access to your wireless network, you either press a button on both the router and your device or you enter the 4 to 8 digit number printed on a sticker on your router.

The problem is, this feature is turned on by default and since there are no limits to how many times you can enter a wrong code, WPS is crackable by brute force Think Your WPA-Protected Wifi Is Secure? Think Again - Here Comes The Reaver Think Your WPA-Protected Wifi Is Secure? Think Again - Here Comes The Reaver By now, we should all be aware of the dangers of securing networks with WEP, which I demonstrated before how you could hack in 5 minutes. The advice has always been to use WPA or... Read More . With the right tools, which can be found online, it only takes minutes or hours to compromise your wireless network How Easy Is It to Crack a Wi-Fi Network? How Easy Is It to Crack a Wi-Fi Network? Whether you're a computer novice or a pro-level geek, you probably have some idea about Wifi security. You know that you need to have some kind of password, and you also know that there's a... Read More . Once the WPS code is cracked, your Wi-Fi key is revealed, too.

To be safe from this vulnerability, you have to manually turn it off. Find the respective setting in your router admin panel and disable it.

disable-insecure-wps.png

Unfortunately, turning off WPS might not actually do anything. Many manufacturers either don’t offer an option to turn if off, or WPS continues to work despite having been disabled.

Change Default SSID Name

The SSID is the name of your wireless network. Your devices use the SSID to recognize previously used networks and will try to hook up to any matching network that they have stored login data for. With a default SSID, you’re potentially setting your devices up to connect to a lot of strange networks by default. Moreover, if the default SSID reveals your router, hackers might be able to identify the model, leading them to uncover router-based vulnerabilities Open Router Ports & Their Security Implications [Technology Explained] Open Router Ports & Their Security Implications [Technology Explained] Read More of your network.

macwifiscanner

Don’t be tempted to hide your SSID! Contrary to common recommendations, security expert Joshua Wright explains that hiding your SSID is a bad idea because devices trying to connect to your network will essentially try to match with any AP (access point) out there. Now a malicious network could impersonate your network How Easy Is It to Crack a Wi-Fi Network? How Easy Is It to Crack a Wi-Fi Network? Whether you're a computer novice or a pro-level geek, you probably have some idea about Wifi security. You know that you need to have some kind of password, and you also know that there's a... Read More and thus obtain access to your device. Instead of cloaking your SSID, make sure you follow our recommendation and give it a unique name.

Change Default Router IP

Above we told you to change your default login credentials. That’s a simple and effective way to prevent unsolicited access to your router. To make it even harder for hackers to find your router’s admin panel, change the default internal gateway or comparative IP. If you’re using LastPass to store your login data, update the IP there, too.

Disable Remote Administration or Management

When remote access is enabled, anyone on the Internet can access your router and change its settings. To prevent unsolicited remote access , you need to disable this feature.

Note that this still allows anyone close enough to catch your Wi-Fi to access the admin panel, provided they know the login credentials. If your router offers this option, set it to permit access to the admin panel only with a wired connection to the router. This is a rare feature and you might have to upgrade or change your router firmware to get it.

Advanced Router Security Settings

Those of you confident enough to dive a little deeper into securing your routers might want to consider the following settings. They’re also recommended if your router is located in a high risk environment, e.g. in an apartment building or close to a public space.

Update Firmware

Generally, firmware is a kind of software coded onto hardware to help it execute operations and communicate with peripherals. Whenever a router vulnerability is revealed 1.2 Million Routers Are Vulnerable To Being Hijacked. Is Yours One Of Them? 1.2 Million Routers Are Vulnerable To Being Hijacked. Is Yours One Of Them? Read More , manufacturers typically release new firmware to close the security hole. That’s why it’s recommended to periodically check and update your router firmware. Most standard routers come with an in-built router update option, typically found under router administration.

NETGEAR genie

Note that updating your firmware could restore default settings, meaning you’d have to re-apply any changes you previously made. If possibly, make a backup of your custom settings prior to updating firmware.

Switch to 5 GHz Band

The standard band is 2.4 GHz, which travels further. By using the 5 GHz band you reduce the reach of your Wi-Fi network and thus the chance of a bad guy picking it up and trying to break in. It also decreases interference, improves speed, and increases stability of your network.

Unfortunately, not all devices support the 5 GHz band. One solution here, if you wanted to be meticulous, would be to either connect these devices using an Ethernet cable or upgrade your router to 802.11ac and create a dual network setup. You’d have one network for each band ad could move most of your traffic over to the 5 GHz band. Of course that would not actually increase your security because now you’d offer two points to attack your network.

Disable PING, Telnet, SSH, UPnP, and HNAP

Find the respective settings in your router interface and disable them. Rather than closing these ports, use the stealth settings (if available) which will result in attempts to access your network from outside being met with silence, thus hiding the port. An efficient way to hide your router is to prevent it from responding to PING commands.

Enable Router Firewall

If your router has its own firewall, enable it. You shouldn’t rely on your router firewall Why Your Router Is A Security Risk & How To Fix It Why Your Router Is A Security Risk & How To Fix It Read More alone, just consider it an extra layer of protection.

common-security-mistakes-firewall

DISABLE Wireless MAC Filter

Briefly, MAC addresses are easy to spoof and thus MAC filtering isn’t worth the effort.

Pro Router Security Settings

Finally, here are the settings for those of you who want to take every last step to secure their network.

Install Alternative Firmware

Third-party router firmware The Top 6 Alternative Firmwares for Your Router The Top 6 Alternative Firmwares for Your Router Alternative firmwares offer more features and better functionality than stock firmwares. Here are some of the best ones to use. Read More not only adds additional features, but is also more secure than the latest firmware provided the manufacturer of your router. Alternative firmwares are less commonly affected by vulnerabilites. Popular open source firmwares include the Linux based DD-WRT (our DD-WRT review What Is DD-WRT And How It Can Make Your Router Into A Super-Router What Is DD-WRT And How It Can Make Your Router Into A Super-Router In this article, I'm going to show you some of the coolest features of DD-WRT which, if you decide to make use of, will allow you to transform your own router into the super-router of... Read More ) and Tomato.

dd-wrt

Before you install new firmware, make sure you find one that is compatible with your router, then review the step-by-step instructions for installing it.

Change Default DNS (Domain Name Server)

Rather than using your ISP’s default server, pick an OpenDNS or Google Public DNS server (our review Find Fastest DNS and Optimize Your Internet Speed Find Fastest DNS and Optimize Your Internet Speed Read More ). It can improve your Internet speed How to Optimize Your DNS for Faster Internet How to Optimize Your DNS for Faster Internet "The Internet is just a series of tubes" as one man so wisely stated. Unfortunately, it’s not as simple as that. There’s a complex architecture that supports the Internet, and data packets need to travel... Read More and your network’s security How To Change Your DNS Servers & Improve Internet Security How To Change Your DNS Servers & Improve Internet Security Imagine this - you wake up one beautiful morning, pour yourself a cup of coffee, and then sit down at your computer to get started with your work for the day. Before you actually get... Read More .

Be Careful with Wi-Fi Network for Guests

Again, the recommendations here are contradicting. Some say it’s better to disable guest networks because they come with no login security and default passwords can be found online. If you can, however, create a custom login and make the guest network expire after a given time, then it’s a great option to provide guests with temporary access to your network, while keeping any shared folder or devices in your network private.

Is Your Router Safe?

We’re curious! How many of these router security settings had you made use of already and which ones didn’t you know about before?

By the way, if you’re still not sure whether you’re router settings are fine, you can test your network security with this website or use Fing (for Android, iOS, Windows, OS X, Linux) to analyze your network.

Image Credits: Linksys settings via Linksys, NETGEAR genie via NETGEAR

Leave a Reply

Your email address will not be published. Required fields are marked *