Almost everyone who accesses the Internet should make sure that their router is secure. Protecting WiFi is important, but even with WiFi turned off on your router there are other router security issues. The most worrying one is how hackers conscript home routers into botnets and use them to launch attacks on services across the whole Internet. Although some vendors will automatically update your network with the latest security patches (which is why I switched to Google WiFi), most vendors will not. In this article, I’ll show you how to secure your home router and WiFi network from attacks.
Select a secure router
The most important step toward a secure network is to choose a router whose firmware is updated frequently. This ensures that the vendor can respond to newly discovered vulnerabilities and attacks in a timely manner.
I don’t recommend using the router provided by your ISP, because these routers typically have remote management functions that can be exploited. If your ISP insists that you use its router, you should be able to turn off WiFi on it and put it in bridge mode, which disables its routing and lets your own router act as the gateway to the Internet.
Example of putting one of Comcast’s routers in bridge mode: Enable bridge mode on Xfinity router
When choosing a router, it is best to choose a trusted brand so that vulnerabilities are fixed quickly. You also need to know how to update the firmware on these routers, because that is how vulnerabilities get fixed. I suggest a Google search for “<router brand> vulnerabilities” to see how well the vendor keeps up with the latest vulnerabilities.
Open-source router firmware
In my opinion, an open-source community is the best way to find and fix exploits. So many people pay attention to ongoing attacks that most vendors learn about bugs and hacker attacks from the open-source community. If it were me, I would buy a router that can be flashed with open-source routing software, such as OpenWrt, DD-WRT, AdvancedTomato, or Asuswrt-Merlin.
Configure router security
Here are a few other things you should do to make sure that your router is secure and up to date. As the network administrator, it is up to you to make sure it is safe, which means paying close attention to the router’s firmware updates. If possible, sign up to be notified by email when the router firmware is updated.
Change the default administrator password
Most routers have a default administrator account and password. They are usually very easy to guess (such as username “admin” and password “password”), and you can even find them online for a given model. The first thing you should do is create a new administrator account and password. Make sure you select a strong password. After setting up a new administrator account, delete the default account.
Many botnet attacks come from hackers writing scripts that search for routers and take control of them using the default administrator account.
Replace the router’s default IP address
Many routers default their IP address to 192.168.0.1 or 192.168.1.1. Nothing requires the router to use one of these addresses. I suggest changing it to 192.168.10.5. I set the subnet mask to 255.255.255.0. This means that all the network devices on my network will have an IP address of the form 192.168.10.X. Just make sure to use a number between 1 and 254.
I also suggest changing the default DNS. OpenDNS (208.67.222.222, 208.67.220.220) or Google Public DNS (8.8.8.8, 8.8.4.4) are trustworthy options. If you are using IPv6, the OpenDNS addresses are 2620:0:ccc::2 and 2620:0:ccd::2, and the Google DNS addresses are 2001:4860:4860::8888 and 2001:4860:4860::8844.
When setting the new IP address of the router, make sure to check the DHCP settings at the same time. These are the addresses that the router will hand out to devices on the network. You can set the range of addresses it uses. For example, I set the range to 192.168.10.57 – 192.168.10.156. This gives me 100 network addresses. Make sure the range does not include the router’s address or any IP address you have set manually on the network.
In addition, please note that the new address of the router is how you reach the router management menu. For example, it will be “https://192.168.10.5” instead of the default. In this case, I am also assuming that the router allows users to force a secure “HTTPS” connection instead of an unencrypted “HTTP” one.
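The addressing plan described above can be checked before it is typed into the router. This Python sketch is an added example, not part of the original article; the function name `check_plan`, the constant names and the manually configured address 192.168.10.20 in the counter-example are assumptions made for illustration.

```python
import ipaddress

def check_plan(router, netmask, pool_start, pool_end, static=()):
    """Validate a home LAN plan; return (DHCP pool size, list of problems)."""
    net = ipaddress.ip_network(f"{router}/{netmask}", strict=False)
    reserved = (net.network_address, net.broadcast_address)
    router_ip = ipaddress.ip_address(router)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    if router_ip in reserved:
        problems.append(f"router {router_ip} is the network or broadcast address")
    if start > end:
        return 0, problems + ["DHCP pool start is above pool end"]
    for label, ip in (("start", start), ("end", end)):
        if ip not in net or ip in reserved:
            problems.append(f"DHCP pool {label} {ip} is not a usable host in {net}")
    if start <= router_ip <= end:
        problems.append(f"DHCP pool contains the router address {router_ip}")
    for addr in map(ipaddress.ip_address, static):
        if addr not in net or addr in reserved:
            problems.append(f"static address {addr} is not a usable host in {net}")
        elif start <= addr <= end:
            problems.append(f"static address {addr} is inside the DHCP pool")
    return int(end) - int(start) + 1, problems

# Values from the article: router 192.168.10.5, mask 255.255.255.0,
# DHCP pool 192.168.10.57 - 192.168.10.156.
ARTICLE_PLAN = ("192.168.10.5", "255.255.255.0", "192.168.10.57", "192.168.10.156")

# Constructed counter-example: a pool covering every host in the subnet,
# checked together with a hypothetical manually set device at 192.168.10.20.
BAD_PLAN = ("192.168.10.5", "255.255.255.0", "192.168.10.1", "192.168.10.254")

if __name__ == "__main__":
    print(check_plan(*ARTICLE_PLAN))
    size, problems = check_plan(*BAD_PLAN, static=["192.168.10.20"])
    print(size)
    for p in problems:
        print(" -", p)
```
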
Disable or turn off risky services
A router will respond to certain protocols when they are scanned from outside the network. Some of these should be turned off, or at least put in hidden mode, so that they do not reply to scans from outside the network.
Telnet and Secure Shell (SSH) services should not be exposed outside your network (block incoming traffic). This will prevent access to the router if a back door is installed at some point.
Universal Plug and Play (UPnP) should be restricted for incoming traffic. Note that this is how baby monitors and cameras are made reachable from the Internet. If this function is required, consult the equipment manufacturer to ensure that it is set up in a safe manner. Using UPnP with its default settings leaves you defenseless against other people accessing these devices.
Simple Network Management Protocol (SNMP) is not used by most users, so they can turn it off. The protocol has been subject to many vulnerabilities and hacker attacks in the past. I also suggest turning off or disabling the Home Network Administration Protocol (HNAP) and the CPE WAN Management Protocol (CWMP).
Protect your home WiFi
When setting up a WiFi network, be sure to use WPA2 with a strong password. WEP and WPA are broken and should not be used. Make sure to change the default name of the WiFi network. You can also turn off broadcasting of the SSID. This means that when you connect a device, the network will not appear in the menu and you will need to type its name manually to join the network.
Ensure that Wi-Fi Protected Setup (WPS) is disabled. WPS allows a device to be connected to the network using a PIN printed on the label or by pressing a physical button on the router. It is vulnerable to brute-force attacks.
For those who care about privacy and want to be more anonymous when surfing the Internet, a VPN service will be of great benefit. With such a service you can use your router as a VPN client to encrypt your data and hide most of your online behavior, even from your ISP!
Alternatively, outsource network maintenance
I recently switched to Google WiFi. It is an easy-to-set-up mesh WiFi network that automatically handles the security aspects. Some people may point out that it is cloud-managed, which opens up potential vulnerabilities. However, when I use Gmail, Google Docs, or Google Cloud in any way, I’m already taking this risk. I was tired of managing my network, so I decided to let Google do it.
I know that some people may feel uneasy about this approach and about losing the flexibility of fine-grained control of the network. For these people, take a look at the Netgear Orbi WiFi Mesh System. It does not force users into the cloud and allows users to have greater network management flexibility.