Routers are good at managing your network, but they’re not always so great at keeping it secure.
While the latest high-end routers on the market have made huge leaps toward increasing bandwidth and optimizing Wi-Fi, the combination of bad firmware code coupled with poor manufacturer support leaves many consumer devices riddled with backdoors.  It’s easier than you might think for a hacker to work around your default security settings and create all sorts of mayhem.
Long story short, it’s easier than you might think for a hacker to work around your default security settings and create all sorts of mayhem.
Luckily, there are basic precautions you can take when purchasing and setting up a router to save yourself some time and money, boosting your Internet speed in the process. You don’t have to know how an UPnP exploit works to protect yourself from hackers on your network — all you have to know is which features translate to real-world performance, and which security fixes translate to real-world safety.
Share with your friends
In this post we’ll break down the features you need on your next router and introduce some basic security precautions that keep your network private.
Features worth paying for
The appearance of routers varies dramatically between manufacturers, but the core functionality is the same: spreading your Internet connection between various devices and allowing sharing between those devices.
802.11ac vs 802.11n
Routers generate Wi-Fi, and the Wi-Fi standard is periodically updated to allow faster speeds and better security. The latest Wi-Fi standard is 802.11ac, but many devices on the market still come with 802.11n, which is almost as good.
For the average user, an 802.11n router will be sufficient when it comes to speed — however, the 802.11ac standard is significantly more secured against USB adaptor hacks, and is fully backwards-compatible with all older devices.
Both types support beamforming, dual-band, and other helpful features that squeeze all the performance possible out of your home network (however, the subject of beamforming is complex and as a rule of thumb works much better on the 802.11ac standard).
The benefit you’ll enjoy day-to-day with a 802.11ac router is higher 1Gbps throughput (vs. 600Mbps limit on 802.11n routers) and the ability to broadcast Wi-Fi over a longer distance on the 5.0GHz wavelength. Overall, 802.11ac should be your first choice if you live in a populated area where hacking is a concern. It is also a good choice for gamers, high-use streamers, and other power users who benefit from the extra speed and lower latency.
Wi-Fi makes use of two “bands” of the radio spectrum: 2.4GHz is the old standard, with newer routers supporting additional 5.0GHz networks. The 2.4GHz band is often crowded with other Wi-Fi networks in apartment buildings and urban areas, making the more spacious 5.0GHz band a huge bonus when it comes to optimizing your network.
Dual-band routers are able to create networks using both bands at the same time, splitting your devices between the bands to increase the available bandwidth and boost speeds. By running 802.11ac devices on 5.0GHz and older devices on 2.4GHz, dual-band routers alleviate the “lowest common denominator” effect that old devices can have when sharing the 2.4GHz band with newer 802.11ac devices.
If you’re looking at routers, chances are Wi-Fi performance is first and foremost on your mind. While smart network users will plug in high-use devices like TVs or desktop computers, the fact is that plugging in laptops isn’t terribly practical.
The concept behind Beamforming is simple: rather than radiating Wi-Fi in all directions like a standard “Wifi bubble,” beamforming allows your router to target the devices in your network and broadcast Wi-Fi signal selectively to that device’s location.
Beamforming helps to compensate for the reduced broadcast area of Wi-Fi over the new 5.0GHz band supported by new 802.11ac and 802.11n routers.
External antenna compatibility
If you’re having trouble connecting to the network on the outer edges, an external antenna can dramatically boost the network strength. External antennas come in omnidirectional and directional flavors. Omnidirectional antennas boost the range a little in all directions while directional antennas concentrate on a target area — similar to beamforming, but without live tracking.
Gigabit ethernet ports
One of the best ways to boost your network speeds and open up bandwidth for more devices is to wire stationary devices like your television or desktop computer directly to your router via an ethernet cable. Wi-Fi is great for mobile devices like laptops and smartphones, but the latency issues inherent in a wireless setup can become very frustrating when it comes to streaming video, games, and file transfers.
Most high-end 802.11ac routers will come with gigabit ethernet ports, and it’s definitely a worthwhile feature for wiring high-use devices. The 100Mb/sec ports that come on cheaper routers will wind up making your wired connection even slower than your wireless one.
Having the ability to segregate guest traffic from internal traffic can do wonders for speeds on a shared network. For a dual-band router, check that you’re able to limit guest traffic to the 2.4GHz network — leaving the supercharged 5.0GHz network free and open for internal use without cutting out the less critical users.
You’re likely to see the terms Quality of Service (QoS) and Wireless Multimedia Extension (WMM) kicked around a lot while wading through router specs. Both refer to different ways to manually control the prioritization of devices on your network, but the fact is that gains from implementing WMM and QoS are usually minimal at best.
Rather, what you should be looking for on a new router is network prioritization. Previous generations had difficulty with WMM and QoS playing together, resulting in a move towards an automated system controlled via the admin panel that allows selectively prioritizing devices based on type, ID, and other factors.
Security: how to protect yourself from 99% of attacks
Wi-Fi networks will always have flaws a sophisticated hacker can exploit to crack the system. The trick to keeping your system secure is to make hacking it as difficult as possible without compromising the performance of your network in the process.
Here are some simple steps you can take to secure your network and discourage hackers.
Change your username and password
The number one first thing to do when you set up a new router is change your username and password. The default is often “admin,” for both fields, with the obvious vulnerabilities that entails.
Standard strong password rules apply: a long jumble of randomized letters, numbers, and symbols will be much stronger than you pet’s name or other “easy” password.
Change the SSID broadcast name
Check out the Wi-Fi scan in an apartment building and you’re sure to see a ton of “Linksys” and “dlinks.” Every type of router has its own personal weaknesses, and hackers will target a Linksys router differently than a D-link router.
Most security-conscious users will change their broadcast name to something personal like “jakes-house” so it’s less clear what vulnerabilities they might have. (If you see a network named “FBI security van,” don’t freak — it’s a common prank.) An even better strategy here, though, is to change the name to another brand’s default name (for example, switch the name of a Linksys router to “dlink”) to throw low-level hackers off the trail completely.
WPS comes as a default with many routers. The wide availability of programs like Reaver that can crack WPS within just a few hours — with no skill on the part of the hacker — makes WPS a non-option if you value your privacy. If WPS comes enabled on your router, be sure to turn it off when you set up your network.
At some point while setting up your router you’ll have to select a security type. The options you’re likely to be presented with are WEB, WPA, WPA2.
Of these options, only WPA and WPA2 are currently considered safe, with WPA2 being the better option. WEB has long since been rendered useless by security flaws. WPA and WPA2 aren’t perfect, but combined with other basic security precautions they’re the best option currently.
It’s tempting to use a simple, memorable word for your password. Don’t! They’re easy for programs and intruders to guess. A good password should be a random sequence of numbers, letters, and symbols.
Know the URL where your admin panel is, and never enter your user credentials elsewhere
A common method for man-in-the-middle hacker attacks is to present you with a false login alert, fooling unwitting Wi-Fi users into entering their username and password to “confirm their identity” — when in fact, they’re just sending the information to a hacker who can then intercept all the data passing between computer and router without detection.
Routers come pre-installed with a packet of code that controls basic network functions, known as firmware. Like the OS on your computer or the software on your computer, router firmware has to be updated from time to time.
Keeping firmware up to date is one of the biggest problems with Wi-Fi security — every company has their own system, the updates come infrequently, and the system isn’t usually automated like it is with the OS on your computer or the apps on your phone. What’s worse, even the latest updates often have glitches that allow sophisticated hackers to weasel their way onto a network through the back door.
So, the basic security precaution to take insofar as firmware is to keep an eye on your manufacturer’s site for updates, and follow the instructions to install them as soon as possible.
…Or consider an alternative firmware
If you’re willing to do some experimenting, custom firmware like DD-WRT, OpenWRT, and Tomato can replace the manufacturer firmware on your router to give big benefits when it comes to speed and security.
Tomato and DD-WRT have the simplest installation procedures and user interfaces, while OpenWRT is a better choice for advanced administrators. All three open up cool features like real-time monitoring and device segregation, making it much easier to detect intruders and keep them off your network.
Networks will always have flaws, so be a tough target
The tips above are enough to keep out 99% of hackers, and the other 1% won’t want to waste their time when there are easier targets to be had.
Share with your friends
Don’t be scared to customize your network, consider spending a few extra dollars on a higher-end router with security features, and you’ll be set for a visitor-free Internet experience.