In the name of online security, you may be religiously keeping all your devices and applications up-to-date. That’s an excellent habit, but there might be one critical device you haven’t checked since you installed it. It’s that one device that acts as your gatekeeper for all the data going in and out of your home.
We’re talking about your router, that little device you connect your devices to for internet access. It’s an essential component in every connected household, but we sometimes take it for granted.
For some people, routers are plug-and-play appliances that are relegated to a corner, to be checked on occasionally when connections become unbearably slow, or maybe rebooted sometimes to make sure the blinking lights say all systems go.
But consider what is connected to your network. You have your computer, tablet, phone and television, for starters. Add to this the surge in smart home you-name-its from cameras, lamps, refrigerators, to even a Wi-Fi lightbulb that comes with an app.
All of these modern conveniences have a price — if you’re not careful, they can all be exploited with a misconfigured router.
This is why it’s important to check your router settings and tweak them for your home network’s security’s sake. Don’t worry, it’s not that hard! Here are 5 router security settings you need to check for and enable before it’s too late.
First, check your router’s admin page
Before you start, make sure you can get into your router’s administration console. The administration console is where you manage your router’s settings and all that good stuff. From password management to firmware updates, this is where the magic happens. It may look intimidating at first but don’t worry, as long as you stay within the scope of these tweaks, you’ll be fine. Also, it’s a good idea to back up your router settings first and save them, just in case.
Getting to this console is relatively easy. First, make sure your computer is connected (either wired or wirelessly) to your router, then just open a web browser and type in the router’s IP address. The IP address is a set of numbers and the default depends on your router’s manufacturer. The common ones are 192.168.1.1, 192.168.0.1 or 192.168.2.1.
If you’re having trouble finding your router’s IP, consult your user manual or you can check online for lists such as routeripaddress.com.
Once you’re on the router administrator page, most of the time, you will have to enter a username and password to log in (while you’re at it, please change your router’s default username and password for obvious security reasons). That’s it.
1. The right encryption
Criminals love unsecured home Wi-Fi networks. Hackers are often on the lookout for poorly configured Wi-Fi networks that can be used for nefarious activities like information theft, hijacking or piracy. It is not just about the potential loss of bandwidth, slowdowns or botnet attacks. Securing your Wi-Fi network can also shield you from unwelcome connections that may be using your network for illegal activities.
This is why it’s important to protect your Wi-Fi network with strong encryption. If you are required to enter a password to connect to your Wi-Fi, then you already have some sort of encryption enabled on your router.
But is it the right kind of encryption? See, there are different types of Wi-Fi encryption, and you have to make sure that it’s the most secure one you can employ.
The most widely used Wi-Fi security protocol right now is still Wi-Fi Protected Access 2 (WPA2) encryption. However, this standard is over a decade old and it is already susceptible to serious security vulnerabilities like 2017’s KRACK attack.
But if you’re shopping around for a new router, make sure you wait for a bit and look for one that supports the newest security standard called WPA3. These models have just started rolling out.
Setting up your router’s encryption is easy. Every router has a different menu layout, but you should be able to find encryption under the “Wireless” or “Security” menu.
You’ll have a number of encryption options, but if you still have an older router, you want to select one that starts with “WPA2”. If your router is not WPA3 compatible, then “WPA2-PSK AES” is your best option right now. However, if you have older Wi-Fi gadgets, you might have to select the hybrid option “WPA2-PSK AES + WPA-PSK TKIP” to get them working.
Never choose Open (no security), or if it is using WEP, change the security setting immediately! Obviously, an open network will make it easy for someone to steal your Wi-Fi, and the older WEP security is easily hacked, so avoid it at all costs.
If the only encryption options your router has are WEP or WPA, tell your router to check for a firmware update. Look in your manual for the instructions.
If there’s no firmware update or your router updates but you’re still stuck with WPA or WEP, it’s time to buy a new router. These encryption methods are too unsafe to use, plus it means your router is probably more than 7 years old.
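To see how the networks around you measure up against these rules, you can grade a Wi-Fi scan automatically. The Python sketch below is an added example, not part of the original article: it assumes the scan comes from the Linux command nmcli -t -f SSID,SECURITY device wifi list, and the sample scan and verdict names are constructed for illustration. The scan column does not show the cipher (AES vs. TKIP), so that part still has to be checked on the router's admin page.

```python
# Added example: grade Wi-Fi scan results by the rules in the section above.
# Assumed input: "nmcli -t -f SSID,SECURITY device wifi list"; sample is constructed.
SAMPLE_SCAN = r"""HomeNet:WPA2
Cafe\:Free:
OldPrinter:WEP
Legacy-AP:WPA1
Mixed:WPA1 WPA2
NewRouter:WPA2 WPA3
"""

ADVICE = {
    "open": "no encryption: enable WPA2-PSK AES (or WPA3) immediately",
    "wep": "WEP is easily broken: change the setting immediately",
    "wpa-only": "WPA only: check for a firmware update, else replace the router",
    "hybrid": "WPA2 + WPA hybrid: keep only if older gadgets need it",
    "wpa2": "WPA2: best option on a router without WPA3 (use AES)",
    "wpa3": "WPA3: newest standard",
    "unknown": "unrecognised mode: check the router's Wireless/Security menu",
}

def split_terse(line):  # split on unescaped ':' and undo the '\' escaping
    fields, cur, escaped = [], "", False
    for ch in line:
        if escaped or ch not in "\\:":
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = True
        else:  # an unescaped ':' ends the current field
            fields, cur = fields + [cur], ""
    return fields + [cur]

def grade(security):
    """Map a SECURITY column value to a verdict key in ADVICE."""
    tokens = set(security.upper().replace("--", "").split())
    legacy = bool(tokens & {"WPA", "WPA1"})
    if not tokens:
        return "open"
    if "WEP" in tokens:
        return "wep"
    if "WPA3" in tokens:
        return "wpa3"
    if "WPA2" in tokens:
        return "hybrid" if legacy else "wpa2"
    return "wpa-only" if legacy else "unknown"

def audit(scan_text):
    """Return [(ssid, verdict, advice)] for each well-formed scan line."""
    rows = [split_terse(l) for l in scan_text.splitlines() if l.strip()]
    return [(r[0], grade(r[1]), ADVICE[grade(r[1])]) for r in rows if len(r) == 2]
```

Calling audit(SAMPLE_SCAN) returns one entry per network with its verdict and the matching advice from this section.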
2. An additional network
There is another simple way to protect your more critical personal devices, like your personal computers, smartphones, and tablets, from untrusted gadgets. Just put them on a separate network that’s different from your main one.
You can do this by setting up a completely different Wi-Fi router or by simply enabling your router’s “Guest Network” option, a popular feature for most routers.
Guest networks are meant for visitors to your home who might need a Wi-Fi internet connection but you don’t want them gaining access to the shared files and devices within your network.
This segregation will also work for your smart appliances and it can shield your main devices from specific Internet-of-Things attacks.
To avoid confusion with your main network, set up your guest network with a different network name (SSID) and password. Please, make sure you set up a strong and super-secure password on your guest network, as well. You still won’t want crooks and strangers mooching off it for security reasons.
Newer routers do this segmentation automatically. This feature lets you put Internet-of-Things appliances on a separate network, shielding your main computers and other personal gadgets from attacks.
With this virtual zoning of your network, you can still allow all your smart appliances and hubs to communicate with each other while keeping your main computing gadgets safe in the event of an Internet-of-Things attack.
Also, if you’re worried about “wardrivers” or people roaming around looking for Wi-Fi spots to hack, you can disable the broadcasting of your network and your guest network’s name (SSID) entirely.
With this method, your guests will have to get both network name and password from you and type it manually to connect to your Wi-Fi network. It’s a bit more work, but at least it gives you another layer of protection against casual snoopers.
3. Parents’ built-in helpers
With all the questionable content freely available on the internet, it’s scary to think that teenagers and young children may have access to it at any time.
To shield your kids from dangerous and age-inappropriate sites and limit the time they can access the internet, most routers have built-in time-based restrictions, content filters, and parental controls.
To enable these filters, visit your router’s administrator page or app again and look for a section called “Parental Controls” or “Access Controls.” Here, you can choose what type of sites to disable access to, set the schedule when the filters are in effect and set curfew hours for certain gadgets.
You can even set filters for specific IP and MAC addresses. The downside of this method is the inconvenience and it takes a bit of technical skill to pull this off. The good thing about this is that you’ll have a map of all your connected gadgets and their corresponding IPs.
To take this a bit further, turn on MAC (Multimedia Access Control) filtering. With MAC filtering on, you can specify which MAC addresses will be allowed to connect to your network at certain times. Note: MAC addresses can usually be found in the gadget’s settings, label or manual. Look for a set of 16 alphanumeric characters. (Here’s an example of what a MAC address will look like: 00:15:96:FF:FE:12:34:56)
4. Increased security
You probably know what a VPN (Virtual Private Network) is by now. We always talk about the benefits of a VPN since it is a good way to boost your online security and privacy.
With a VPN, your gadget’s IP address is hidden from websites and services that you visit, and you’re able to browse anonymously. Web traffic is also encrypted, meaning not even your internet service provider can see your online activity. It is a good way to hide your internet tracks from would-be snoops. Think of it as a middleman that provides a tunnel between you and the websites you’re visiting.
VPN services are typically accessed via software, but some newer routers can be configured with VPN capabilities straight into the router itself. With this method, instead of having each gadget protected by its own VPN service, your router will protect every device that’s connected to it.
Routers with this capability have open source router software support (such as DD-WRT) and they can be configured to use services like OpenVPN.
5. Better protection from hackers
One important tool that can protect your router from hackers is a firewall. With it, even if they manage to know your router’s location and IP address, the firewall can keep them from accessing your system and your network.
Almost every newer router has built-in firewall protections in place. They might be labeled differently, but look for features under your router’s advanced settings like NAT filtering, port forwarding, port filtering and services blocking.
With these controls, you can configure and specify your network’s outgoing and incoming data ports and protect it from intrusions. Be careful when tweaking your port settings though, since a wrong port setting can leave your router vulnerable to port scanners, giving hackers an opportunity to slip past.
To check if your router’s firewall and your ports are secure, you can use this online tool for a quick test.