Cybercriminals are always on the hunt for vulnerable routers. Your router, after all, is your main portal to the internet. It is an essential component in our internet-connected households and businesses.
Hackers are often on the lookout for poorly configured routers that can be used for nefarious activities like information theft, hijacking or piracy.
It is not just about the potential loss of bandwidth, slowdowns or botnet attacks. Securing your router can also shield you from unwelcome connections that may be using your network for illegal activities. Remember, when law enforcement traces the illegal activity, you – the router’s owner – are left being held responsible.
Here are various ways to shield your router from attacks, making it harder to infiltrate and hack.
1. Update your firmware regularly
With hackers constantly looking for firmware flaws to exploit, keeping your router’s firmware up to date is a must.
Updating your router’s firmware is not as hard as it sounds. Once you’re in your router’s admin page, check for a section called “Advanced” or “Management” to check for firmware updates, then just download and apply as required.
Router firmware updates require a restart so make sure you do not have ongoing activities that require a network connection when you apply the update. Make an appointment now on your calendar. You should check for router firmware updates at least once every three months.
2. Turn on wireless security
On your router’s administration console, secure your wireless network by turning on encryption. Turning on encryption means no one can log into your network without the password.
Every router has a different menu layout, but you should be able to find encryption under the “Wireless” or “Security” menu.
You’ll have a number of encryption options, but you want to select one that starts with “WPA2.”
“WPA2-PSK AES” is the newest and most secure. If you have older Wi-Fi gadgets, you might have to select the hybrid option “WPA2-PSK AES + WPA-PSK TKIP” to get them working.
If the only encryption options your router has are WEP or WPA, tell your router to check for a firmware update. Look in your manual for the instructions.
If there’s no firmware update or your router updates but you’re still stuck with WPA or WEP, it’s time to buy a new router. These encryption methods are too unsafe to use, plus it means your router is probably more than seven years old.
3. Change your passwords
When you installed your router, did you remember to do this one critical step – changing its default administrator password?
Maybe you’re thinking you don’t need to protect yourself with a password because no one lives nearby. Or maybe it’s wired, not wireless, so you’re thinking you’re not in danger.
Both those assumptions are wrong. If you have not secured your Wi-Fi network properly, anyone can walk or drive up to your property and use your signal, and you don’t know what they’re using it for. Plus, even wired routers connect to the internet, so they are vulnerable to hackers.
Basically, if someone other than you can get in your router’s admin page, then he/she can change any setting they want.
Additionally, maybe you don’t have a guest network set up and you keep giving away your Wi-Fi encryption password to friends and visitors, it’s wise to reset that password regularly. It’s a pain to set up all your gadgets to your network again but this simple change purges everyone who shouldn’t have access to your Wi-Fi.
4. Turn on MAC filtering/Assign static IP addresses
To keep a tighter rein on what gadgets can connect to your Wi-Fi network, you can try these additional tricks.
First, disable the DHCP server of your router. DHCP assigns IP addresses to your network’s gadgets automatically and turning this off means you will have to assign static IPs. The downside of this method is the inconvenience and it takes a bit of technical skill to pull this off. The good thing about this is that you’ll have a map of all your connected gadgets and their corresponding IPs.
To take this a bit further, turn on MAC (Multimedia Access Control) filtering. With MAC filtering on, you can specify which MAC addresses will be allowed to connect to your network.
If you can recall, a MAC address is a unique code identifier that is assigned to each gadget’s network interface. MAC addresses can usually be found in the gadget’s settings, label or manual. Look for a set of 16 alphanumeric characters. (Here’s an example of what a MAC address will look like: 00:15:96:FF:FE:12:34:56 )
Again, the downside with MAC filtering on is that you’ll need the MAC addresses of all the gadgets that will be connecting to your network, including your guests’ and visitors’ gadgets.
5. Hide your network name
If you’re worried about “wardrivers” or people roaming around looking for Wi-Fi spots to hack, you can disable the broadcasting of your network and your guest network’s name (SSID) entirely.
With this method, your guests will have to get both network name and password from you and type it manually to connect to your Wi-Fi network. It’s a bit more work but at least it gives you another layer of protection against casual snoopers.
To do this, look for an advanced setting called “SSID broadcasting” on your router’s admin page, then turn it off.
6. Check your DNS settings
Another way cybercriminals can take over your router is by DNS hijacking. What these clever hackers do is insert rogue DNS servers so your traffic is directed to unsafe servers instead of the secure servers your internet service provider gives you.
This means cybercriminals can then redirect you to fake versions of the websites that you’re attempting to visit. For example, if your router’s DNS settings have been hijacked, each time you visit your online bank’s website, you’ll be redirected to a phishing website instead.
Criminals can also use DNS hijacking to modify the ads that you see while browsing. Instead of the regular ads that you should be getting, they can be replaced with inappropriate or malicious ones.
This opens you up to a whole world where all your personal information is vulnerable and your system’s chances of getting infected with malware go up.
To check your router’s DNS settings, you can use an online tool. For more security, consider changing your DNS server to one with advanced hijacking protection like Quad9.
7. Turn on your guest network
There is another simple way to protect your more critical personal devices, like your personal computers, smartphones and tablets, from untrusted gadgets. Just put them on a separate network that’s different from your main one.
You can do this by setting up a completely different Wi-Fi router or by simply enabling your router’s “Guest Network” option, a popular feature for most routers.
Guest networks are meant for visitors to your home who might need a Wi-Fi internet connection but you don’t want them gaining access to the shared files and devices within your network.
This segregation will also work for your smart appliances and it can shield your main devices from specific Internet-Of-Things attacks.