zombola
06-12-2015, 12:52 PM
Summary: Your home router is vulnerable to attacks as soon as you take it out of the box. Here are a number of ways you can secure your home wireless network.
http://zdnet3.cbsistatic.com/hub/i/r/2014/08/20/c76c162a-2813-11e4-9e6a-00505685119a/resize/620xauto/af255434307a179ac7195fc1beb0f737/secure-router-1a.png
Don't use the default login information
It's nearly always possible to find a router's default username and password online, depending on the brand and model. This means you can connect to the network, or tap into the router settings and lock out anyone from the network — even the owners. Worse still, hackers could monitor the traffic going in and out of the router, such as passwords and credit card information.
Change the default settings at the earliest opportunity with a strong username (if possible) and password.
http://zdnet1.cbsistatic.com/hub/i/r/2014/08/20/c7e80d99-2813-11e4-9e6a-00505685119a/resize/620xauto/a51c06cd08849ddd420f298ef0cd5c6b/secure-router-2b.png
Set the wifi security to WPA2
WPA2 isn't perfect, but it's the best solution outside of the enterprise. It allows you to set a strong password — with letters, numbers, and other characters — that can be near-uncrackable to attackers. The stronger the password, the harder it is for anyone to jump on your wi-fi network.
http://zdnet4.cbsistatic.com/hub/i/r/2014/08/20/c85c4e02-2813-11e4-9e6a-00505685119a/resize/620xauto/c9cf7b3a3e6e89d73195fddbd0d93092/upload-router.jpg
Set a list of 'approved' devices
Every networking device has a MAC address, which uniquely identifies that device. By setting the MAC Address Filter, it means devices with pre-set MAC addresses can join the network — even if a password has been set. This means you can set only your smartphone, notebook, and other devices to the network, and no other device can join — even if they have the correct wifi password.
http://zdnet1.cbsistatic.com/hub/i/r/2014/08/20/c8d070de-2813-11e4-9e6a-00505685119a/resize/620xauto/1bcb80726e481b9f58857a3d6b5b427b/secure-router-4d.png
Keep your router's firmware up to date
Updating the software for your router on a regular basis squashes known security bugs and vulnerabilities. These patches not only offer fixes, but also periodically you may get new software features that can enhance your network's security. These firmware patches are generally available from the router manufacturer's website.
http://zdnet2.cbsistatic.com/hub/i/r/2014/08/20/c96cd879-2813-11e4-9e6a-00505685119a/resize/620xauto/861d94a58cf0bf87fee4cfdabfca0701/secure-router-5e.png
Disable remote access, UPnP
Universal Plug-and-Play (UPnP) has been criticized by the security community for allowing bugs and security flaws that can give unauthorized access to networks. Disabling UPnP can mitigate these attacks.
Also, if you have remote access to your router, disable this. It's yet another vector in which attackers can try to gain access to your network. Very few people, unless you're an enterprise network administrator, need remote access to networking devices.
http://zdnet4.cbsistatic.com/hub/i/r/2014/08/20/ca1e36e3-2813-11e4-9e6a-00505685119a/resize/620xauto/17f3d26c68021ebe048552187c5747a7/secure-router-6f.png
Disable guest access
Some routers provide guest access. While this function often separates out your home network and your guests who use the temporary access, some hackers have been able to tunnel through the security wall into other parts of the network. If you really want to keep out people who shouldn't be on your network, disable this feature.
http://zdnet3.cbsistatic.com/hub/i/r/2015/02/16/bcbca9c3-db1c-402f-9e6d-a961d25097c2/resize/620xauto/f15798450372e8aab311c27dc49534f9/b-2-ssid.jpg
Turn your network broadcast (SSID) off
Turning off your network's broadcast name (SSID) can make it harder for hackers or others to gain unauthorized access to your network. The SSID is useful if you're roaming between two or more hotspots. But, if you have just one Wi-Fi router, you don't need to roam, and can turn this off without hassle. Just make sure you remember the SSID so you can plug it in manually.
http://zdnet3.cbsistatic.com/hub/i/r/2014/08/20/c76c162a-2813-11e4-9e6a-00505685119a/resize/620xauto/af255434307a179ac7195fc1beb0f737/secure-router-1a.png
Don't use the default login information
It's nearly always possible to find a router's default username and password online, depending on the brand and model. This means you can connect to the network, or tap into the router settings and lock out anyone from the network — even the owners. Worse still, hackers could monitor the traffic going in and out of the router, such as passwords and credit card information.
Change the default settings at the earliest opportunity with a strong username (if possible) and password.
http://zdnet1.cbsistatic.com/hub/i/r/2014/08/20/c7e80d99-2813-11e4-9e6a-00505685119a/resize/620xauto/a51c06cd08849ddd420f298ef0cd5c6b/secure-router-2b.png
Set the wifi security to WPA2
WPA2 isn't perfect, but it's the best solution outside of the enterprise. It allows you to set a strong password — with letters, numbers, and other characters — that can be near-uncrackable to attackers. The stronger the password, the harder it is for anyone to jump on your wi-fi network.
http://zdnet4.cbsistatic.com/hub/i/r/2014/08/20/c85c4e02-2813-11e4-9e6a-00505685119a/resize/620xauto/c9cf7b3a3e6e89d73195fddbd0d93092/upload-router.jpg
Set a list of 'approved' devices
Every networking device has a MAC address, which uniquely identifies that device. By setting the MAC Address Filter, it means devices with pre-set MAC addresses can join the network — even if a password has been set. This means you can set only your smartphone, notebook, and other devices to the network, and no other device can join — even if they have the correct wifi password.
http://zdnet1.cbsistatic.com/hub/i/r/2014/08/20/c8d070de-2813-11e4-9e6a-00505685119a/resize/620xauto/1bcb80726e481b9f58857a3d6b5b427b/secure-router-4d.png
Keep your router's firmware up to date
Updating the software for your router on a regular basis squashes known security bugs and vulnerabilities. These patches not only offer fixes, but also periodically you may get new software features that can enhance your network's security. These firmware patches are generally available from the router manufacturer's website.
http://zdnet2.cbsistatic.com/hub/i/r/2014/08/20/c96cd879-2813-11e4-9e6a-00505685119a/resize/620xauto/861d94a58cf0bf87fee4cfdabfca0701/secure-router-5e.png
Disable remote access, UPnP
Universal Plug-and-Play (UPnP) has been criticized by the security community for allowing bugs and security flaws that can give unauthorized access to networks. Disabling UPnP can mitigate these attacks.
Also, if you have remote access to your router, disable this. It's yet another vector in which attackers can try to gain access to your network. Very few people, unless you're an enterprise network administrator, need remote access to networking devices.
http://zdnet4.cbsistatic.com/hub/i/r/2014/08/20/ca1e36e3-2813-11e4-9e6a-00505685119a/resize/620xauto/17f3d26c68021ebe048552187c5747a7/secure-router-6f.png
Disable guest access
Some routers provide guest access. While this function often separates out your home network and your guests who use the temporary access, some hackers have been able to tunnel through the security wall into other parts of the network. If you really want to keep out people who shouldn't be on your network, disable this feature.
http://zdnet3.cbsistatic.com/hub/i/r/2015/02/16/bcbca9c3-db1c-402f-9e6d-a961d25097c2/resize/620xauto/f15798450372e8aab311c27dc49534f9/b-2-ssid.jpg
Turn your network broadcast (SSID) off
Turning off your network's broadcast name (SSID) can make it harder for hackers or others to gain unauthorized access to your network. The SSID is useful if you're roaming between two or more hotspots. But, if you have just one Wi-Fi router, you don't need to roam, and can turn this off without hassle. Just make sure you remember the SSID so you can plug it in manually.