Router hardening is an IT security term that essentially means locking it down for maximum security. There are some simple ways to protect your home network from intrusion that involve nothing more than changing a couple of settings on the router. As most routers provided by your ISP are inadequate when it comes to security, it’s up to us to go the extra mile.
As the guys here at Dave’s Computers spend a lot of time clearing up after hacks on people’s computers, I think this topic is well worth exploring.
Unless you use an enterprise level router costing thousands of dollars, you will likely have a home router supplied by your ISP or one you bought from a store. The default settings are okay for getting your network up and running quickly but not so much for keeping you secure.
The good news is that it is relatively simple to upgrade the security on your wired or wireless network. The bad news is that different router manufacturers call the different settings different things. So while I may say ‘Navigate to Connectivity and change your SSID’, the menu on your router may not say Connectivity. It may take a little checking to see what yours is called.
So down to router hardening.
First you need to log into your router. Usually this is done through the browser either at a dedicated web page or at a specific IP address. The IP address may be on a sticker on your router or in the manual, If not, in Windows, open a CMD window and type ‘ipconfig /all’ and hit Enter. Look for the default gateway address and type that into your browser.
The router login will also usually appear on a sticker on the router or in the manual. If you haven’t changed these before, try ‘admin’ and ‘admin’ for the username and password. Or check online.
Once logged into the router, have a good look around to explore the interface. You won’t hurt anything by just looking. Then:
- Find the administration panel and select the option to back up your configuration.
- Follow the wizard if there is one to save a copy of your router configuration in case something goes wrong.
- Save it somewhere safe.
Then you’re going to want to change some settings. Make each change and then save it before moving on to the next.
Username and/or password
Some routers will let you change the username and password to log into it, some will only let you change the password. Change yours to something complicated. Remember to record the new password somewhere safe.
Change the SSID
The SSID is also called the network name and is usually a simple pattern that is very basic. While minor in its security impact, it is well worth doing. Make sure it’s not identifiable like ‘TheSmithsnetwork’. Change the SSID and save the changes.
Change the wireless password
If you have a wireless router, change the password for wireless access while you’re there. This is the password you have to enter when you want to join your network wirelessly. Again, make it as complicated as practical and record it somewhere.
Turn off uPnP and WPS
In your wireless settings, you may have the option for Universal Plug n Play and WPS, Wireless Protected Setup. Disable both as they are a significant security risk. That is especially true if you’re in a dorm or shared house.
Turn off guest networks unless you use them
Some routers have the option for guest networks to allow you to access the internet without accessing the internal network. While fine in theory, a good hacker will easily be able to access your other computers from a guest network so turn it off unless you specifically need it.
Turn off Port Forwarding or DMZ
Both Windows and Mac OS shouldn’t need port forwarding to be enabled any more. It’s a legacy setting that you should only use if absolutely necessary. Port Forwarding and DMZ are the same thing and it depends on what your manufacturer calls it.
Now you have made those changes your home network is significantly more secure than before. They are some simple changes you can make to make your home network safer. I hope you find them useful!