If you have just taken the leap and have invested in a new home router, firstly, well done! By this one act, you will increase the security of your home network and everything connected to it. However, even once you have connected everything up to it, your work is not done. There are five quick configuration changes you need to take care of before you are truly secure.
While many ISP routers are pretty decent, they all use well-known hardware and software. They also tend to be the cheapest possible with low-power Wi-Fi receivers and average security at best. By upgrading to a third-party router, you upgrade your home network in every possible way.
Setting up your home router
Home networking is easier than it has ever been as most devices are plug and play. Connect your router to your modem (if you have one) plug it into the mains, connect any Ethernet cables to your devices to the LAN side of the router and you should be connected to the internet already. If you use an ISP router as well, you may need to change its setting to modem mode but that depends on the ISP device. A quick check with the ISP will tell you.
So what are those five things you must do to secure your new home router?
- Update the firmware
- Change the default login
- Implement Wi-Fi encryption
- Disable remote access
- Change the SSID
Update the firmware
Like the operating system that runs your computer or smartphone, firmware runs your router. Depending on the manufacturer, the router you have may have been in storage for a few months before being sold. Firmware updates may have been released that fix bugs, add new features or improve security. All of which you want to benefit from.
When you connect to your router through your browser (usually https://192.168.1.1) you may be alerted to a firmware update being available. Otherwise, find device administration or a tab that sounds likely and explore.
The methodology will differ slightly between routers but usually involves either downloading directly from the manufacturer website or downloading a file to your computer and then upload it to the router. The router will load the new firmware, do a hard reboot and then reload. It will also return all settings to factory defaults which is why doing this step first is a good idea.
Change the default login
Most routers, like ISP versions, ship with a default login and password (usually admin and admin). After updating your firmware which resets those back to default, it is time to change them. This is the single most effective way to secure your network. Hackers know the default logins for most, if not all, consumer routers so changing it is vital. Visit this site to see what I mean.
Some routers will prompt you to change the login right away, others will not. Either way, go to user administration and change both the login name and password. Use a practical but complicated password if you can. Use a mixture of upper and lower case, special characters and numbers. The more complicated you can make it while keeping it memorable, the better.
Implement Wi-Fi encryption
Most good quality routers will now have Wi-Fi encryption set by default but you must check. Make sure your router is using WPA2 encryption and that you change the Wi-Fi password while you’re at it. Passwords can be up to 63 characters long and as long as you can remember it, I recommend using as many of those characters as possible.
Most routers offer the option of WPA, WPA2 and WEP. The only one to use is WPA2 as the others are too easily cracked. Whether you use TKIP or AES for the other side depends on what options you are presented. Either will work as long as it is preceded by WPA2.
If your router comes with a guest network, either disable it completely or perform the same steps for that. Guest networks are an often overlooked vulnerability so take care of it now.
Disable remote access
If you run a complicated network or often like to troubleshoot from somewhere else you may benefit from leaving remote access enabled. For the other 99.9% of home router owners, it is another back door into your network that you need to close. If a hacker manages to access the router remotely, they then have control over every aspect of it. They can turn off encryption, change your passwords and perform any action they choose.
Find remote access within the device management section of the firmware and disable it. This will close the door to one of the more significant back doors open on your router.
If you are of that .1% then you will already know that an incredibly complicated password is the minimum required to secure it.
Change the SSID
The SSID is the network name that is broadcast by the router. It is provided with a default name such as ‘wireless’ or words to that effect. If you live in an apartment or somewhere where there are a lot of wireless networks this can cause confusion. If for example, your router manufacturer has named it, they could have called it ‘Asus-wireless’ or something like that. Telling a hacker immediately what device is being used and what to check for default logins.
Change it to something identifiable but innocuous. Call it what you like but make sure it does not identify you, your family, company, device type or manufacturer. Other than that, it’s fair game.
There are other security measures you can take such as changing IP addresses and subnets, changing Wi-Fi channels, disabling UPnP or WPS but these five steps will do you the most good for the least amount of effort. Even just changing the default login will go a long way to protecting your network. Follow all five steps and you seriously increase the security and safety of your home network and everyone who uses it.
If you need help setting up a home network or a router, contact us here at Dave’s Computers. We would be happy to help!