The WiFi router is the most important device at home, connecting all the computers and gadgets in our home network to the Internet, keeping us online. Yet few of us care about the router, only remembering its existence when we need to restart it, because we only appreciate something when we lose it. This lack of care for the router, the main gateway to your network, makes it a prime and easy hacking target. If an attacker breaks in your router, they can use it to perform illegal activities, slow down your internet, and monitor and tamper with your devices and online activities.
At Netonomy we love routers, we have hundreds of them at our labs, and we want you to love and care for them too. So this Wednesday’s Cyber Hygiene post will provide tips to implement basic security settings. These are not hacker-proof settings, but bare minimum cyber hygiene practices. They are easy to set-up, so follow along!
First you will need to access your router’s web interface, to do that you will need to find your router’s IP address, which is written as four numbers separated by periods (e.g. 192.168.1.1). Sometimes this number is written at the bottom of your router, otherwise, search for it online or try this handy list. Once you have the IP address, connect your computer to the router with a LAN cable, and type the router IP address on your web browser. You will be redirected to the Router’s Settings page. That was the hardest part, now it only gets easier.
Under the Security Settings, look for the following options:
Password: Default passwords are a huge problem with digital devices and routers are no exception; make sure to create a unique password, with a combination of letters, numbers and symbols. Change it periodically.
Encryption: Depending on your router, you will have a few options for encryption, these are the most common ones in declining order of effectiveness:
- Wired Equivalent Privacy (WEP): The oldest and most popular form of router encryption available, also the least secure of them all.
- Wi-Fi Protected Access (WPA): An improvement to WEP’s shortcomings.
- Wi-Fi Protected Access 2 (WPA2): The most secure encryption available at the moment. Select WPA2 if available.
- Advanced Encryption Standard (AES): Use AES on top of WPA2 or WPA. This is the same type of encryption used by the federal government to secure classified information.
Note: for compatibility with some older devices, such as gaming consoles, TiVo, and other network devices, WEP may be the only security option possible to use. Using WEP is still better than no security at all.
Firewall: While this setting is usually enabled by default, make sure that it’s activated for an added layer of cyber hygiene.
WiFi Protected Setup (WPS): If available, this setting is usually turned on. Originally created to make it easier to setup an encrypted wireless connection without passwords, its very nature made it quite easy to crack, and we recommend turning it off. Please note even turning it off might not be enough, with WPS continuing to work despite having been disabled.
SSID name: This is the name that identifies your router. Avoid leaving a default SSID name, such as the name of your router model, as this information makes it easier for attackers to break in. Also avoid using your family’s name or any other personally identifiable information. Be creative!
SSID broadcast: Your router is always broadcasting its name publically to make it easy to find. However, if you wish to make it harder for snoops to find your network, disable SSID broadcast. This will require that you manually enter your SSID name when connecting new devices to the network.
MAC Filter: When enabled, this option allows devices to connect only if their MAC addresses have been pre-entered in the filter list. A nice tip when setting this up is to have your devices connected prior to enabling MAC filter, open the DHCP client table (often found in the Status or Local Network section) and copy-paste all their MAC addresses into the filter.
Remote administration: This setting is usually found in the Administration Settings.
Unless you intend to remotely configure your router, disable remote access to the settings, you will still be able to configure your router via a wired connection.
Firmware update: Lastly, like all digital devices, make sure you check for firmware updates frequently to stay up to date with the latest security patches and reduce your vulnerability.
As aforementioned, these are not hacker-proof security settings, but basic cyber hygiene tips to add a layer of security. If you want true network security and control, you must install solutions like Netonomy’s, or buy an expensive router with a security-focus. However, these easy-to-implement cyber hygiene practices are a first step in the right direction, and we recommend implementing them to make it harder for would-be-attackers to break into your network.
Tune in every Wednesday for more cyber hygiene tips you can implement in your network!