Last Updated 13 July 2019
Our Wi-Fi routers are the very thing that helps us connect to the internet. They surely are pretty vital, however, despite this they are the least paid attention to a device for us.
Most of the time, after we have installed in a router, we just find a side spot to stash it. And the only time we actually check it out if it ever stops sending out signals. However, we fail to realize that is it is one of the most important devices we use.
Home Wi-Fi routers are computers, which are why they should be treated like that. A compromised router can very well spy on you and your family. It is a primary gateway for all the cybercriminals to enter your network and spread out all types of malwares and ransomware.
Steps to Secure Your Wifi Network
This article contains a comprehensive approach to the ways to increase your Wi-Fi security. It is divided into two parts:
- The basic tips and tricks
- Somewhat advanced tips
Both the methods will allow you to make sure your Wi-Fi router is forming a secure connection. However, let’s kick start with the basics.
1. Enable VPN Encryption
This is the most important step to take, everything you browse is monitored by your ISP and now ISP legally sells your browsing data logs as well.
Enable VPN on your router is the best way to encrypt all of your Internet traffic and stay protected. it will also help you to access blocked sites, American Netflix, Hulu Plus, and other streaming channels.
2. Update the Firmware:
Some routers have a firmware update integrated into their settings menu, while some might notify you about the updates as soon as you log in to your apps or web browser interfaces. No matter how it is particularly crucial to ensure that the router is equipped with the latest firmware update.
However, if your router is equipped with an automatic update that is it can directly get the updates of the firmware from the manufacturer itself, then it is particularly handy. Clicking on a few buttons to kick start the process might be considered too. But either way, it is a good thing as most people don’t really bother with checking out the updates.
If your router isn’t equipped with automatic updates, it will require you to upload new firmware yourself. In such a situation, you will have to manually go through the hectic task of downloading the firmware from the manufacturer.
The updates are usually present on a support page. If not there, it is possible that you will have to download the updates from by browsing for the firmware file and start the updating process yourself. It is possible that you will have to check for the updates after every few months or so.
Although this task is indeed laborious and people often forget to do it, but it is very crucial.
3. Make changes in administrative and network credentials.
Using “admin/admin” or admin/password” combo or any other generic password is basically inviting the cybercriminals to exploit your network. It is essential to set up the router with a password that is tough to guess and does not come up with a few guesses.
It is essential to change the network name or the SSID to something unique, but it doesn’t have to be anything personal. Instead of “Netgear” or “Linksys,” it is vital to set up a name that doesn’t give away the network name.
4. Go for using WPA2
WPA2 wireless encryption allows having better security. As compared to WEP, WPA2 is far more secure. This is because passwords protected with WEP encryption method are vulnerable to brute force attacks.
Opting for a much stronger WPA2 protocol network is much better due to the added security. The only way you won’t be able to use it though is when you have an old device, so in that case, it is better to get equipped with a new one.
5. Steer clear of WPS setup.
WPS setup of the Wi-Fi protects structure is generally considered to be a hassle-free way to stay safe. Sure it is far easy to type in a small set of pin numbers instead of extremely long complex passwords, but these pins are much more vulnerable to brute force attacks.
Most routers are equipped with a feature that allows them to time out after a certain number of failed password attempts. However, this has never really stopped attackers to attack at networks through WPS attacks. Thus it is better to keep this setting turned off.
If completely turning off the setting and typing in passwords seems annoying to you then you can easily use the push-button WPS instead of the pin-based one. In it, you just have to manually push a button on the router. This makes WPS exploitation somewhat tricky.
6. Change the DNS
Changing to another DNS rather than the ISP one such as Google DNA, Cloudflare, or OpenDNS is another excellent option. Apart from the speed they provide, they also protect the user from man-in-the-middle attacks, popups, redirects, interstitial, or other spams that the ISP let out.
Apart from that, they also allow you to have parental control and thus help you to keep a check on your kids by keeping them off time-consuming websites such as Tumblr and Reddit.
7. Use Mac filtering
Mac address is basically a group of letters and numbers that gives of a picture like this “00-17-A4-9B-88-6C”. Spoofing of a Mac address is an effortless task, but still, you can work up to provide yourself a bit security.
This can be done by setting your router in a way that allows only the devices appearing on the whitelist to connect. The whitelist filtering is based on the Mac addresses of the users.
Although with this setting, you will have to go through the hassle of adding new devices you to the list every time you want to connect them to the router. This setting also makes sure that unauthorized devices are not allowed to squat.
8. Say no to Cloud-based router management
If the router’s manufacturer offers cloud-based router management, then it is better to turn it off. This is because this way, a third party is allowed to enter the link between you and your router?
However, many “mesh routers” such as Google Wi-Fi or Euro are entirely dependent upon cloud management. They can thus interface with the user only through the cloud-based smartphone apps.
Although these mesh routers provide security in other aspects such as automatic firmware updates, it is still a better idea to opt for mesh routers that are not cloud-based and allow local administrative access such as Netgear Orbi.
Some Other Techy Tips
Apart from these somewhat simple tips, there are also some technical methods that you can opt for to age your Wi-Fi router on lockdown. Here are the much more advanced setups to go for:
1. Set your router to use the 5GHz band
If all the devices in your home are compatible with the 5GHz band, then it is better to set your Wifi to it rather than using the standard 2.5 GHz. This is because the 5GHz band doesn’t travel very far, and thus will keep you hidden from snoopers.
2. Disable remote administrative access
A standard router when runs a web server It makes the web page available for the user while it is on the router’s local network. However, with remote administrative access feature, you can access the web interface from anywhere in the world.
Although it may sound handy for security purpose, it is better to disable this feature. Instead of this, administrators should opt for connecting to the routers through wired Ethernet only.
3. Alter the administrative Web Interface settings
Altering the administrative settings for web interference can add up to security if your Wi-Fi router allows it. In ideal circumstances, the interference should work with a secure HTTPS connection over a nonstandard port.
The example of an ideal setting URL of administrative interference would look like https://192.168.1.1:82” rather than the standard “https://192.168.1.1” which uses the internet standard port 80 as a default.
4. Turn off remote access protocol use
Remote access protocols such as PING, Telnet, SSH, UPnP, and HNAP- instead of being set up at “closed” on all relevant ports, they should be set up to “stealth.”
This way even if an attacker is trying to probe at your network, then a response won’t be given to the unsolicited externals communications. Turning off the remote access protocol allows you to hide from possible attackers or hackers
5. Use a VPN support router
VPNs, as you might be aware of, are networks that offer anonymity and security by encrypting your network data. Some routers can easily be turned into a VPN client. After that, you can quickly subscribe to a VPN service and securely use the internet.
This is easy to set up in some home router as they can be “flashed” to run open-source firmware such as DD-WRT firmware. This allows them to support OpenVPN protocol. However, most VPN services now give out instructions o how to set up and use open-source routers and also support OpenVPN.
Now that you are in the loop regarding top up your security settings, it is better to go for the practical work. Staying safe from attackers is indeed essential, and security should always be of the top-notch level!