Here are seven easy steps that you can take to lock down your wireless network security — and it won’t take more than five minutes, I promise. Taking a breach from Facebook or Reddit for one moment could protect you from many headaches down the road!.
1. Always Access Admin Panel on Wired :
Logging into your router’s administration panel is as simple as opening your web browser, typing in an IP address (or sometimes a URL), and entering the router’s admin username and password. This is all fine and dandy — unless you’re doing so on a wireless connection.
When logging into the admin panel over wireless, those login credentials are sent over the air, which offers potential for interception. If you only ever log in while connected by Ethernet, you can eliminate this risk.
In fact, you should disable remote access completely in order to require a wired connection in order to tweak anything. This way even if a hacker manages to connect wirelessly and break your password, they won’t be able to change anything and you won’t be subject to a random hijacking.
2. Change the Default Admin Login
Every router comes with a default username/password combination for the administration panel. This is how you log in the very first time you set up the router. The username and password will also revert back to their defaults whenever you reset the router to factory settings.
You absolutely MUST change these ASAP.
Did you know that there are websites out there where you can search for default admin credentials by router model? Just check out RouterPasswords.com and DefaultPasswords.in. This means that if a hacker knows what kind of router you have, and you haven’t changed the admin credentials, they can break in with zero effort.
3. Change the Default SSID
Another setting you should change right away: your router’s SSID (i.e. the public name that shows up when you’re looking at in-range Wi-Fi networks).
Many routers come with default SSIDs that can give away its brand and/or model. For example, some Linksys routers have default SSIDs that look like
Linksys#####. And it’s no different for Cisco, Belkin, Netgear, TP-Link — they all have router models that come with default SSIDs that give away their brands.
4. Encrypt Using WPA2 and AES
Encryption is a must-use feature on all routers. Neglecting to use encryption is like leaving all of your doors and windows open all of the time — everything you say or do can be seen and heard by anyone who cares enough to look or listen.
Seriously, it only takes about 30 seconds to enable encryption in your router settings. And when you do, make sure you use WPA2 Personal mode if it’s available, otherwise use WPA Personal. No matter what, do NOT use WEP mode because it’s weak and easily cracked.
Once WPA2/WPA mode is set, make sure you’re using AES encryption instead of TKIP. TKIP is better than nothing, but AES is more recent and more secure so prefer it whenever you can. Note that AES + TKIP encryption is effectively as bad as TKIP only, so stick to AES only.
5. Enable the Router Firewall
A firewall examines incoming network data and blocks anything that’s deemed unsafe. Most routers have some kind of built-in firewall feature — most likely SPI Firewall, which compares parts of all incoming network data against a database and only allows it in if it passes the test.
It’s probably enabled by default, but check and make sure it’s on. Note that this may interfere with certain online games. If it does, you can get around it by using port forwarding.
6. Disable WPS and UPnP Features
WPS, or Wi-Fi Protected Setup, makes it easy to add new devices to a network. All you have to do is press the WPS button on the router, then press the WPS button on the device, and voila — connection established. Unfortunately, you should disable WPS because it can be cracked quite easily.
UPnP, or Universal Plug and Play, allows newly-connected devices to be immediately discoverable by other devices on the same network. Unfortunately, the UPnP design is full of glaring security holes and so should be disabled as soon as possible.
7. Keep the Router Firmware Updated
You have to keep your software up to date — that’s one of the most oft-repeated pieces of advice from security experts. This also applies to the software that drives your router, which is calledfirmware.
Outdated firmware is bad for two reasons:
- It may have unpatched security holes that can be exploited, and
- newer firmware can introduce extra features or improvements that can impact overall security.
Therefore, it’s in your best interest to keep firmware updated.
Every few months, you should check your router manufacturer’s website for firmware updates to your model. If so, download the file and apply it in your router settings. Fortunately, you won’t have to do this often because firmware updates tend to be infrequent.
What’s Your Biggest Wireless Woe?
One more note on wireless routers: is your Wi-Fi speed unusually slow? Check out these speed-boosting tips. And if you’re experiencing a lot of interference and poor signal quality, you may want to look into Wi-Fi range extenders or powerline adapters.
How is your wireless network security at home? Which of these tips were new to you? Know of any other tips we missed? Let us know in a comment down below!