How to secure wifi-router

Nowadays almost in all appartments there is at least one wireless router or modem. Everybody wants to buy such equipment but not everyone knows how to secure the router properly. Read our tips about router protection and security.

Why router security is important? Risks of unprotected router

  1. The hackers can gain access to your files, passwords, banking and even observe you over your webcam of surveillance cameras.
  2. All devices connected to the router can be directed to malicious site or show fraudulent page.
  3. Neighbours can leech off your connection.

How to secure wireless router, modem or access point

Change the default password for web-interface

This is very important. Default logins and passwords are commonly known by everybody. So any person can try to log into the web interface of your device at any time.

  • Change the password to strong. Do not use your birth date, phone number, etc.
  • If possible, change the login as well.

wifi-router-protection-0021

Disable remote access

If you need to have remote management possibility enabled, change the port number to non-standard and specify an IP address to allow connections from.

wifi-router-protection-0031

Disable WPS or QSS

WPS stands for Wi-Fi Protected Setup. In TP-Link equipment it is called QSS (Quick Security Setup). The feature is designed to facilitate configuration of the router but it is vulnerable and allows to hack the wireless network. Disable this function.

Use WPA2-PSK security for Wi-Fi with strong security key

1. Select WPA2-PSK security mode.

2. Secelt AES (AES-CCMP) cipher type for better performance.

3. Specify a strong security key for your wireless network. 10 symbols is a good solution:

wifi-router-protection-0041

Disable Guest networks

Guest network feature is available in modern routers. They are designed to provide internet for guests of your office while the staff is using another corporate network. But this feature can reduce privacy. So it is recommended to turn it off.

Disable UPnP

Some router models have bad UPnP implementation (read more). So it is recommended that you disable UPnP:

upnp-dlink

Extra security measures for router protection

In most cases it is enough to fulfill the basic protection steps from the previous paragraph. Apply the extra measures if you believe that somebody tried to hack your router or if you have an extra private information on your home network.

Use non-default IP address range without DHCP

1. Give a non-standard LAN IP to router. E.g. 192.168.49.192

wifi-router-protection-0111

2. Turn off DHCP

Manually specify a unique IP address from the pool to every device on a network.

wifi-router-protection-0121

Setup a MAC address filter using white list mode

This means you create a list of MAC addresses and allow only these devices access the Internet:

wifi-router-protection-0131

Disable SSID broadcast

Make your network invisible by turning off the SSID broadcast. The client will have to enter not only security key but input the correct SSID as well to connect to your wi-fi:

wifi-router-protection-0051

This is how hidden network looks on a laptop:

wifi-router-protection-0053