{"id":4529,"date":"2018-07-20T21:47:32","date_gmt":"2018-07-20T16:17:32","guid":{"rendered":"https:\/\/qadit.com\/blog\/?p=4529"},"modified":"2018-07-20T21:47:32","modified_gmt":"2018-07-20T16:17:32","slug":"how-to-make-your-wifi-router-as-secure-as-possible","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/how-to-make-your-wifi-router-as-secure-as-possible\/","title":{"rendered":"How to Make Your Wifi Router as Secure as Possible"},"content":{"rendered":"<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--GszlRB08--\/c_scale,f_auto,fl_progressive,q_80,w_800\/lz9qtimxjnwpsh6ac13a.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>Though more router manufacturers are making routers easier to set up and configure\u2014even via handy little apps instead of annoying web-based interfaces\u2014most people probably don\u2019t tweak many options after purchasing a new router. They log in, change the name and passwords for their wifi networks, and call it a day.<\/p>\n<p>While that gets you up and running with (hopefully) speedy wireless connectivity, and the odds are decent that your neighbor or some random evil Internet person isn\u2019t <em>trying<\/em> to hack into your router, there\u2019s still a lot more you can do to boost the security of your router (and home network).<\/p>\n<p>Before we get into our tips, one quick caveat: Wireless routers all have different interfaces, different ways they name their settings, and different settings you can adjust. For this article, I\u2019ll be poking around the interface of a TP-Link Archer C7. 
You\u2019ll want to explore around your router\u2019s web-based configuration screen (or app) to make sure you\u2019ve adjusted all the right settings, but it\u2019s possible you won\u2019t be able to do everything we\u2019ve detailed below.<\/p>\n<h3>Accessing your router\u2019s settings<\/h3>\n<p>If your router doesn\u2019t have an easy-to-use app for configuring its settings\u2014like what you typically encounter when buying a mesh-networking system\u2014you\u2019ll probably access its settings by pulling up a web browser (on a device that\u2019s connected to your router) and typing in your router\u2019s IP address:<\/p>\n<ul>\n<li>On a Windows system, pull up the command prompt and type in <code>ipconfig<\/code>. The IP address that\u2019s listed as your default gateway is likely your router\u2019s IP address.<\/li>\n<li>If you\u2019re on a Mac, pull up System Preferences &gt; Network, and click on Advanced in the bottom-right corner. Click on the TCP\/IP option toward the top of the next window and look for your router\u2019s IP address.<\/li>\n<li>If you\u2019re on your iPhone, tap on Settings, then Wi-Fi, and tap on the \u201ci\u201d icon next to the wifi network you\u2019re connected to. Your router\u2019s IP address should be listed right there.<\/li>\n<\/ul>\n<h3>Step One: Update your firmware<\/h3>\n<p>Some routers bury firmware updates deep in their settings menus; some might even notify you about a new firmware update the moment you log into their apps or web-based user interfaces. However you find the option, you\u2019re going to want to make sure that your router is running the most up-to-date firmware.<\/p>\n<p>If you\u2019re lucky, your router will be able to download new firmware updates directly from its manufacturer. 
You might have to click on a button (or two) to start this process, or this might happen automatically\u2014routers that do the latter are great, because most people don\u2019t really think about \u201cchecking to see if my favorite tech gear has updated firmware\u201d on a regular basis, if ever.<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--zZouZW_h--\/c_scale,f_auto,fl_progressive,q_80,w_800\/sj1fytlzwrwt6tslsi3j.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>It\u2019s also possible that your router will require you to upload new firmware yourself. If so, you\u2019ll have to download the right firmware from the router\u2019s manufacturer\u2014likely on a support page for your router\u2014and manually update the router by browsing for this firmware file and starting the update process yourself. You\u2019ll have to do this each time you want to update your router with new firmware, which means you\u2019ll have to check for new firmware fairly regularly, perhaps a few times a year. It\u2019s a laborious process that\u2019s easily forgotten, but it\u2019s also important if you want to keep your router protected from external threats.<\/p>\n<h3>Change your router login and password<\/h3>\n<p>If you\u2019re still using \u201cadmin \/ admin,\u201d \u201cadmin \/ password,\u201d or some variant of generic words to log into your router, change that. Even if your router manufacturer has given you a quirkier password that presumably differs for everybody, it\u2019s important to use a login and password that\u2019s <a rel=\"nofollow\" href=\"https:\/\/lifehacker.com\/how-to-create-secure-passwords-that-arent-impossible-to-1825048324\">tough to guess or brute-force<\/a>. 
<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--uuCN9fCq--\/c_scale,f_auto,fl_progressive,q_80,w_800\/ttf2nfbolavrzc6o9wed.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>Even if you\u2019re stuck using \u201cadmin\u201d as a user name to log in, make your password something complex, not something anyone can look up via a quick web search.<\/p>\n<h3>Use WPA2 to secure your wireless network<\/h3>\n<p>It almost goes without saying, but don\u2019t use WEP when you\u2019re setting up a password for your wifi network. Passwords \u201cprotected\u201d with the WEP encryption are a lot easier to brute-force attack than those encrypted with WPA2. Even though you probably don\u2019t have someone hanging out on your street corner, wardriving everyone\u2019s wireless networks, there\u2019s no reason to not use <a rel=\"noopener\" href=\"https:\/\/www.linksys.com\/ca\/support-article?articleNum=139152\" target=\"_blank\">the stronger WPA2 protocol<\/a>\u2014unless you have an old device that simply can\u2019t handle WPA2, which is unlikely. And whatever you do, don\u2019t run an open (password-free) wifi network. <a rel=\"noopener\" href=\"https:\/\/www.youtube.com\/watch?v=31g0YE61PLQ\" target=\"_blank\">My god<\/a>.<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--q0InWCTl--\/c_scale,f_auto,fl_progressive,q_80,w_800\/m4fkbqxq7khnby2azdjk.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<h3>Turn off WPS<\/h3>\n<p>On paper, WPS\u2014or Wi-Fi Protected Setup\u2014sounds great. Instead of having to type in a long, reasonably complex wifi password on a device, you can just type in a smaller PIN number, likely printed directly on your router. <\/p>\n<p>Guess what? 
These PIN numbers are much easier to brute-force attack than a more complicated password or passphrase. While a number of routers will time out an attacker after they botch a certain number of password attempts, that hasn\u2019t stopped <a rel=\"noopener\" href=\"https:\/\/null-byte.wonderhowto.com\/how-to\/hack-wpa-wpa2-wi-fi-passwords-with-pixie-dust-attack-using-airgeddon-0183556\/\" target=\"_blank\">more ingenious WPS attacks<\/a> from surfacing. The easiest way to prevent these kinds of shenanigans is to just disable WPS entirely.<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--Kr7Pk_mW--\/c_scale,f_auto,fl_progressive,q_80,w_800\/chacxnatzpfv7crlytgd.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>Yes, you\u2019ll have to type in your password. Yes, it\u2019ll be annoying. It\u2019s an extra minute of your life. You\u2019ll be fine. Or, if you truly cannot handle this process, check to see if your router allows you to use <a rel=\"noopener\" href=\"https:\/\/kb.netgear.com\/19824\/How-do-NETGEAR-Home-routers-defend-WiFi-Protected-Setup-PIN-against-brute-force-vulnerability\" target=\"_blank\">push-button WPS<\/a> instead of PIN-based WPS. That way, you\u2019ll have to physically press buttons on your router and any devices you want to connect, which will make it a lot trickier for someone to exploit WPS and break into your network.<\/p>\n<h3>Use a better DNS<\/h3>\n<p>Browse the web a little bit faster by switching away from your ISP\u2019s DNS and using a service like <a rel=\"noopener\" href=\"https:\/\/developers.google.com\/speed\/public-dns\/\" target=\"_blank\">Google DNS<\/a>, <a rel=\"noopener\" href=\"https:\/\/1.1.1.1\/\" target=\"_blank\">Cloudflare<\/a>, or <a rel=\"noopener\" href=\"https:\/\/www.opendns.com\/setupguide\/#familyshield\" target=\"_blank\">OpenDNS<\/a>. 
As an added bonus, you\u2019ll also increase the likelihood that you actually <a rel=\"noopener\" href=\"https:\/\/www.brontobytes.com\/blog\/advantages-google-public-dns\/\" target=\"_blank\">make it to the websites you\u2019re trying to visit<\/a> without any man-in-the-middle attacks, popups, redirects, interstitials, or annoying \u201cyou made a typo in your web address so we\u2019re going to redirect you to a webpage filled with spam and ads\u201d that your ISP might use. <\/p>\n<p>If you want to get really crafty, you can drop a service like OpenDNS on your kid\u2019s laptop, enable parental controls to keep them off time-sucking websites like Tumblr and Reddit, and give yourself a different DNS provider (like Google DNS) to browse the web without any restrictions. Your child will hate you, but at least they\u2019ll turn out to be a rocket scientist with 27 inventions instead of a Twitch streamer with 3 followers.<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--hPVUp4qc--\/c_scale,f_auto,fl_progressive,q_80,w_800\/x4ugnrngb4tyj85qwelp.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<h3>Consider using MAC filtering, annoying as it might get<\/h3>\n<p>While it\u2019s easy for an attacker to spoof a MAC address, you can at least give yourself a little extra security by setting up your router to only allow devices to connect that appear on a whitelist. 
This filtering is based on each device\u2019s MAC address\u2014a long string of letters and numbers that looks something like \u201c00-11-22-33-44-55.\u201d <\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--68xKP5Ef--\/c_scale,f_auto,fl_progressive,q_80,w_800\/rj7oxzhwfvoooeznhn92.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>While this means that you\u2019ll need to go in and add any new devices you purchase whenever you want them to be able to connect to your router, it also means that devices you don\u2019t authorize won\u2019t be able to do squat. Like I said, though, MAC addresses are <a rel=\"noopener\" href=\"https:\/\/github.com\/feross\/spoof\" target=\"_blank\">easy to spoof<\/a>, so if this tip gets more annoying than practical, feel free to disable MAC filtering. You\u2019ll be OK.<\/p>\n<h3>Consider scheduling your wifi<\/h3>\n<p>If you work a pretty normal schedule during the week and you have no reason to remotely connect to your home devices, consider using your router\u2019s scheduling mechanism\u2014if it has one\u2014to just turn off your wifi when you aren\u2019t home. <\/p>\n<p>This isn\u2019t the most practical tip if you have a bunch of smarthome devices that <em>need<\/em> the Internet, like if you want to be able to turn the lights on and off to piss off your cat or you want to be able to watch a delivery driver drop off the expensive package you ordered. If you live a relatively simple life\u2014no harm there\u2014and nothing really needs Internet connectivity when you aren\u2019t around, then why power up your wifi for no reason? 
It\u2019s hard to hack into a network that doesn\u2019t exist.<\/p>\n<h3>Disable potentially sketchy services<\/h3>\n<p>You probably don\u2019t need to mess with your router\u2019s settings when you aren\u2019t actively connected to your wireless network. If your router has some kind of an option for \u201cremote management\u201d or \u201cremote administration\u201d make sure it\u2019s disabled.<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--r1lKFT7F--\/c_scale,f_auto,fl_progressive,q_80,w_800\/dxtj67utfhh2rnlsck4i.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>You should also consider disabling UPnP on your router, although this might <a rel=\"nofollow\" href=\"https:\/\/lifehacker.com\/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291\">give you a little grief<\/a> when you\u2019re gaming or running BitTorrent\u2014to name two examples. Still, when an entire website is dedicated to the various ways <a rel=\"noopener\" href=\"http:\/\/www.upnp-hacks.org\/upnp.html\" target=\"_blank\">one can exploit UPnP for nefarious purposes<\/a> &#8230; maybe it\u2019s time to go back to manually forwarding ports, if needed.<\/p>\n<p>Some routers also let you set up an FTP server so you can transfer files in and out of your network. However, we live in an era when it\u2019s easy to use <a rel=\"nofollow\" href=\"https:\/\/lifehacker.com\/which-cloud-storage-service-should-you-use-1822761662\">any number of cloud storage providers<\/a>\u2014or file-uploading services\u2014to share your files. <a rel=\"noopener\" href=\"https:\/\/routersecurity.org\/turnoff.php\" target=\"_blank\">You probably don\u2019t need to run an FTP at home<\/a>, and it\u2019s a lot safer to disable this feature entirely (if your router supports it). 
<\/p>\n<p>You also likely don\u2019t need to access your router over SSH or Telnet\u2014turn either off, if offered\u2014nor do you probably need to access any USB-connected printers or storage when you aren\u2019t at home. In short, if your router lets you do something from afar, consider turning the feature off (if you can). The fewer ways you can access your home network when you aren\u2019t in it, the harder it\u2019ll be for someone else to take advantage of a vulnerability and access your router (or your home network). <\/p>\n<p>If you can, consider disabling your router\u2019s cloud functionality as well. While it might be useful to be able to edit your router\u2019s settings by logging into the manufacturer\u2019s cloud service, it\u2019s just one more open door that an attacker could use to compromise your router (or network). While you have no choice with some routers\u2014typically mesh routers\u2014it\u2019s always better, and safer, to log into a router\u2019s web-based UI manually from a device that\u2019s connected to your home network, even though it\u2019s a lot less convenient.<\/p>\n<h3>Consider a separate wifi network for guests <em>and<\/em> smart-home devices<\/h3>\n<p>I\u2019ve been playing, testing, and reviewing routers for more than a decade, and I still have yet to meet someone who uses their router\u2019s guest network feature. Heck, I don\u2019t think I\u2019ve ever even connected to a friend\u2019s \u201cguest network\u201d in their home or apartment. <\/p>\n<p>Still, the premise of a guest network is great, security-wise: Your router automatically sets up a second SSID for friends to use, and any device connecting to it is walled off from other devices on your primary network, either plugged into your router directly or connected wirelessly. 
(Most routers let you adjust whether you want guests to see everything, each other, or nothing, if you need to customize your setup a bit.)<\/p>\n<figure>\n<div>\n<div><img decoding=\"async\" src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--P695HshO--\/c_scale,f_auto,fl_progressive,q_80,w_800\/kxsog9lm5zg60d5b01iy.png\" width=\"600\"><\/div>\n<\/div>\n<\/figure>\n<p>A guest network comes with an added bonus, too; you can <a rel=\"noopener\" href=\"https:\/\/www.nytimes.com\/2017\/02\/01\/technology\/personaltech\/stop-hijacking-home-devices.html\" target=\"_blank\">use it for all of your less-secure smart-home devices<\/a>. If someone takes advantage of a vulnerability in your smart lightbulb and breaks into your network, there will still be a layer of protection between your hacked device and your desktop PC, smartphone, and laptop\u2014to name a few examples. While you can also get crazy and segment off your network with <a rel=\"noopener\" href=\"https:\/\/www.lullabot.com\/articles\/invaders-securing-a-wifi-camera-at-home\" target=\"_blank\">separate SSIDs and VLANs<\/a>, if your router supports it, this is an easier method that won\u2019t give you a weekend\u2019s worth of headaches (if you don\u2019t know what you\u2019re doing).<\/p>\n<p><b>Read the Full Article here: <a href=\"https:\/\/lifehacker.com\">Lifehacker<\/a><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Though more router manufacturers are making routers easier to set up and configure\u2014even via handy little apps instead of annoying web-based interfaces\u2014most people probably don\u2019t tweak many options after purchasing a new router. They log in, change the name and passwords for their wifi networks, and call it a day. 
While that gets you up &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/how-to-make-your-wifi-router-as-secure-as-possible\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How to Make Your Wifi Router as Secure as Possible&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[293],"class_list":["post-4529","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-wonder-information"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-1b3","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4529"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4529\/revisions"}],"predecessor-version":[{"id":4530,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4529\/revisions\/4530"}],"wp:attachment":[{"href":"https:\/
\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}