Nowadays almost in all appartments there is at least one wireless router or modem. Everybody wants to buy such equipment but not everyone knows how to secure the router properly. Read our tips about router protection and security.
Why router security is important? Risks of unprotected router
- The hackers can gain access to your files, passwords, banking and even observe you over your webcam of surveillance cameras.
- All devices connected to the router can be directed to malicious site or show fraudulent page.
- Neighbours can leech off your connection.
How to secure wireless router, modem or access point
Change the default password for web-interface
This is very important. Default logins and passwords are commonly known by everybody. So any person can try to log into the web interface of your device at any time.
- Change the password to strong. Do not use your birth date, phone number, etc.
- If possible, change the login as well.
Disable remote access
If you need to have remote management possibility enabled, change the port number to non-standard and specify an IP address to allow connections from.
Disable WPS or QSS
WPS stands for Wi-Fi Protected Setup. In TP-Link equipment it is called QSS (Quick Security Setup). The feature is designed to facilitate configuration of the router but it is vulnerable and allows to hack the wireless network. Disable this function.
Use WPA2-PSK security for Wi-Fi with strong security key
1. Select WPA2-PSK security mode.
2. Secelt AES (AES-CCMP) cipher type for better performance.
3. Specify a strong security key for your wireless network. 10 symbols is a good solution:
Disable Guest networks
Guest network feature is available in modern routers. They are designed to provide internet for guests of your office while the staff is using another corporate network. But this feature can reduce privacy. So it is recommended to turn it off.
Some router models have bad UPnP implementation (read more). So it is recommended that you disable UPnP:
Extra security measures for router protection
In most cases it is enough to fulfill the basic protection steps from the previous paragraph. Apply the extra measures if you believe that somebody tried to hack your router or if you have an extra private information on your home network.
Use non-default IP address range without DHCP
1. Give a non-standard LAN IP to router. E.g. 192.168.49.192
2. Turn off DHCP
Manually specify a unique IP address from the pool to every device on a network.
Setup a MAC address filter using white list mode
This means you create a list of MAC addresses and allow only these devices access the Internet:
Disable SSID broadcast
Make your network invisible by turning off the SSID broadcast. The client will have to enter not only security key but input the correct SSID as well to connect to your wi-fi:
This is how hidden network looks on a laptop: