Nowadays almost in all apartments there is at least one wireless router or modem. You need a router if you have at least one laptop to be able to connect to the Internet without using a wire (patch-cord). You also need one if you own a modern phone like iPhone or Android-based device to use your home ISP and not to waste your mobile data in vain. How many networks does your laptop or smartphone detect when you are at home? In most cases you can see at least three Wi-Fi names belonging to your nearest neighbors except the SSID of your own router.
So what about security? Many people believe that setting up a strong wireless security key for Wi-Fi access means a total security for the router in whole. It’s a big fallacy. Even if your “WiFi password” is hard-to-guess, someone can exploit a vulnerability in your current security mode or features like WPS to gain access to the wireless network, then – to settings page of your router and few minutes later – to your PC, files, e-mails, credit cards credentials and banking account. In this article read our tips about how to secure your wireless router, access point or wireless modem and prevent hackers from accessing your devices and stealing your data.
Why router security is important?
Risks of unprotected router:
- The hackers can gain access to your files, passwords, banking and even observe you over your webcam of surveillance cameras.
- All devices connected to the router can be directed to malicious site or show fraudulent page designed to steal your credentials or money.
- Neighbors can leech off your internet connection and access your devices on the LAN.
How to Secure Your Wireless Router
Change the default password for web-interface
This is very important. Default logins and passwords are commonly known by everybody. So any person can try to log into the web interface of your device at any time.
- Change the password to strong. Do not use your birth date, phone number, etc.
- If possible, change the login as well.
Disable remote access to the router
If you need to have remote management possibility enabled, change the port number to non-standard and specify an IP address to allow connections from.
Disable WPS or QSS
WPS stands for Wi-Fi Protected Setup. In TP-Link equipment it is called QSS (Quick Security Setup). The feature is designed to facilitate configuration of the router but it is vulnerable and allows to hack the wireless network. Disable this function to secure the router’s wireless network.
Use WPA2-PSK security for Wi-Fi with strong security key
1. Select WPA2-PSK security mode.
2. Select AES (AES-CCMP) cipher type for better performance and security.
3. Specify a strong security key for your wireless network. 10 symbols is a good solution:
Disable Guest networks
Guest network feature is available in modern routers. They are designed to provide internet for guests of your office while the staff is using another corporate network. But this feature can reduce security. So it is recommended to turn it off:
Some router models have bad UPnP implementation (read more). So it is recommended that you disable UPnP for better security:
Extra security measures for router protection
In most cases it is enough to fulfill the basic protection steps from the previous paragraph. Apply the extra measures if you believe that somebody tried to hack your router or if you have an extra private information on your home network.
Use non-default IP address range without DHCP
1. Give a non-standard LAN IP to router. E.g. 192.168.49.192
2. Turn off DHCP
Manually specify a unique IP address from the pool to every device on a network.
Setup a MAC address filter using white list mode
This means you create a list of MAC addresses and allow only these devices access the Internet:
Disable SSID broadcast
Make your network invisible by turning off the SSID broadcast. The client will have to enter not only security key but input the correct SSID as well to connect to your wi-fi:
This is how hidden network looks on a laptop:
Related: How to connect to a hotspot with a hidden SSID