The proliferation of handheld devices and broadband Internet access has led to the enormous popularity of wireless routers, also known as routers. These gadgets can send out a signal through the Wi-Fi protocol to mobile devices like tablets and smartphones as well as stationary computers. The channel bandwidth is also more than enough to support multiple users connecting at once.
Nowadays, practically every home with broadband internet access has a wireless router. Nevertheless, not all owners of such devices consider how extremely vulnerable they are to hackers in their default settings. Even if you believe you don’t do anything on the Internet that could hurt you, consider this: hackers can access not only your bank account, business documents, and other files, but also your personal correspondence by intercepting the local wireless network’s signal.
Hackers might not stop at just looking through your personal devices’ memory; the information within could lead them to your family, friends, and company’s networks, as well as data from a variety of commercial and governmental information systems. In addition, attackers can carry out mass attacks, hacks, illicit media file and software distribution, and other criminal activities through your network and on your behalf.
In the meanwhile, you should abide by a small number of straightforward guidelines that are understandable to everyone, including those without specialized experience in computer networks, in order to safeguard yourself against such dangers. We advise you to become acquainted with these guidelines.
Modify the administrator credentials by default
You must log into your router’s web interface in order to access the settings. You will need to know its administrator login and password in addition to its local area network (LAN) IP address in order to accomplish this.
The hardware documentation of the router always specifies the internal IP address by default, which is typically 192.168.0.1, 192.168.1.1, 192.168.100.1, or, for example, 192.168.123.254. The router manufacturer or your service provider may provide you with the default login and password, or they are typically included in the documentation.
In the address bar of your browser, type the router’s IP address. In the window that pops up, enter your login information and password. We will see the router’s web interface, which has many different settings.
The ability to modify settings is a crucial component of home network security, so you should make sure to alter all of the default administrator credentials, as these can be utilized to create tens of thousands of identical router copies. Locate the relevant item and add the updated information.
Sometimes the service provider blocks the administrator data from being changed arbitrarily, in which case you will need to contact him for assistance.
Modify or set the passwords to access the local network
You may chuckle, but occasionally a kind owner of a wireless router sets up an open access point that anybody can connect to. Pseudo-passwords like “1234” or common words that are set during network installation are far more frequently used for home networks. Establish the level of signal encryption, preferably WPA2, and create a very long password with letters, numbers, and symbols to reduce the possibility that someone can access your network with ease.
Turn off WPS
Wi-Fi Protected Setup (WPS) technology enables you to quickly and easily create a secure wireless connection between devices that are compatible without requiring complex setup; all you need to do is press the designated buttons on the router and device or enter a code.
But this useful system, which is typically enabled by default, has a flaw: WPS does not keep track of the amount of incorrect code attempts, so it can be “brute force” hacked by just brute-forcing it using basic tools. Finding the network password won’t be too tough once the WPS code has been used to access your network, which should take a few minutes to several hours.
As a result, locate the relevant item in “admin” and turn off WPS. Regretfully, adjusting the settings does not always effectively turn off WPS, and certain manufacturers do not offer this feature at all.
Modify SSID name
The name of your wireless network is represented by the SSID (Service Set Identifier). When different devices recognize a name and have the required passwords, they attempt to connect to the local network using that name that they have “remembered”. It is likely that your devices will attempt to connect to multiple nearby networks using the same name if you continue to use the default name assigned by your ISP, for instance.
Additionally, a router that broadcasts a standard SSID is more susceptible to hackers, who can target the specific flaws in such a configuration because they will be aware of the router’s model and typical settings. Consequently, pick a name that is as distinctive as you can without disclosing anything about the hardware manufacturer or the service provider.
In this instance, the frequently given advice to conceal the SSID broadcast—which is a standard feature on the great majority of routers—is in fact unworkable. In any case, every device attempting to connect to your network will look for the closest access points and may connect to networks that have been specifically “arranged” by hackers. Put another way, you only make life harder for yourself when you hide SSID.
Modify the IP of the router
Modify the router’s internal IP address (LAN) by default to further restrict unauthorized access to the web interface and its settings.
Turn off remote management
Many home routers have a remote administration feature that makes the router settings available over the Internet, primarily for the convenience of technical support. Therefore, it is preferable to disable this function if we do not want outside penetration.
However, if the hacker is within range of your network and has the login credentials, they can still access the web interface through Wi-Fi. Sadly, this feature is not very common. Some routers can limit access to the panel only when a wired connection is present.
Install a new firmware
Any respectable router manufacturer releases updated firmware (“firmware”) on a regular basis and works hard to improve the software on their devices. The majority of the bugs and vulnerabilities that have been found and fixed in the most recent versions pertain to stability issues.
Because of this, we highly advise that you install any available firmware updates on your router and check for them on a regular basis. Usually, you can use the web interface to accomplish this directly.
It is advisable to make a backup of your settings using the web interface, as the update may cause all of them to be reset to factory defaults.
Use the 5 GHz band instead
2.4 GHz is the base band used by Wi-Fi networks. For the majority of current devices, it offers reliable reception up to 400 meters outdoors and up to roughly 60 meters indoors. By reducing the range by two or three times, switching to the 5 GHz band will make it harder for outsiders to access your wireless network. You’ll experience better data transfer rates and connection stability with reduced band occupancy.
The fact that some devices are incompatible with IEEE 802.11ac Wi-Fi in the 5 GHz band is the only drawback to this solution.
Turn off the features of UPnP, SSH, Telnet, PING, and HNAP
Look for these features in the router’s settings and turn them off if you have no idea what these acronyms mean and are unsure if you’ll need them. Stealth mode, which makes the ports “invisible” and ignores requests and “pings” when you attempt to access them from the outside, is preferable to closing the ports if at all possible.
Turn the firewall on your router on
We advise turning on the built-in firewall on your router if one exists. It is not impenetrable, of course, but it can withstand attacks fairly well when used in conjunction with software tools—including the built-in Windows firewall.
Turn off the MAC address filter
Although it might initially appear that restricting network access to devices with particular MAC addresses assures security, this isn’t actually the case. Furthermore, it exposes the network to even the least resourceful hackers. Since MAC addresses are transmitted in the data stream without encryption, an attacker can easily obtain a list of them if they are able to trace incoming packets. Even for a layperson, spoofing a MAC address is not difficult.
Change your DNS server of choice
You can use a different DNS server, like Google Public DNS or OpenDNS, in place of your ISP’s DNS server. This has the potential to improve security while also speeding up the production of web pages. For instance, OpenDNS uses unique algorithms based on Big Data to anticipate and stop a variety of threats and attacks in addition to blocking viruses, botnets, and phishing requests on any port, protocol, and application. All that Google Public DNS offers is a fast DNS server without any extra features.
Set up substitute “firmware”
Finally, installing firmware that was written by enthusiasts rather than the router’s manufacturer is a drastic step for someone who knows what they’re doing. Generally speaking, such “firmware” not only increases the device’s functionality (often by supporting professional features like QoS, bridge mode, SNMP, etc.) but also strengthens its security against vulnerabilities, sometimes at the cost of non-standardization.