How to Secure Your Home Network and WiFi Router
The bottom line: the simplest way to secure your WiFi network is to use a strong password, make sure to upgrade the firmware on your router at least annually, and limit the number of devices connecting to it.
Routers are good at managing your network, but they’re not always so great at keeping it secure.
While the latest high-end routers on the market have made huge leaps toward increasing bandwidth and optimizing WiFi, the combination of bad firmware code coupled with poor manufacturer support leaves many consumer devices riddled with backdoors. It’s easier than you might think for a hacker to work around your default security settings and create all sorts of mayhem.
Luckily, there are basic precautions you can take when purchasing and setting up a router to save yourself some time and money, boosting your Internet speed in the process. You don’t have to know how a UPnP exploit works to protect yourself from hackers on your network — all you have to know is which features translate to real-world performance, and which security fixes translate to real-world safety.
Security: How to Protect Yourself From 99% of Attacks
Wi-Fi networks will always have flaws a sophisticated hacker can exploit to crack the system. The trick to keeping your system secure is to make hacking it as difficult as possible without compromising the performance of your network in the process.
Here are some simple steps you can take to secure your network and discourage hackers.
Change Your Username and Password
The number one thing to do when you set up a new router is change your username and password. The default is often “admin” for both fields, with the obvious vulnerabilities that entails.
It’s tempting to use a simple, memorable word for your password. Don’t! They’re easy for programs and intruders (or even friends and family) to guess. A good password should be a random sequence of numbers, letters, and symbols.
Enable WPA2 (or WPA3 if you have it)
At some point while setting up your router, you’ll have to select a security type. The options you’re likely to be presented with are WEP, WPA, and WPA2.
Of these options, only WPA and WPA2 are currently considered safe, with WPA2 being the better option. WEP has long since been rendered useless by security flaws. WPA and WPA2 aren’t perfect, but when combined with other basic security precautions, they’re the best option for most users.
WPA3 is currently the highest level of encryption for WiFi security, but it is not yet common in the routers ISPs lease if plan speeds are lower than 400 Mbps. If you plan on buying a router, ensure it has WPA3 — especially if you allow guests to connect to your network frequently.
Change the SSID Broadcast Name
The name of your WiFi network is known as the service set identifier (SSID) broadcast. If you look at the names of WiFi networks in an apartment building, you’re sure to see a ton of “Linksys” and “D-Link.” Every type of router has its own weaknesses, and hackers will target a Linksys router differently than a D-Link router.
Most security-conscious users will change their broadcast name to something personal like “jakes-house” so it’s less clear what vulnerabilities they might have. (If you see a network named “FBI security van,” don’t freak — it’s a common prank.) An even better strategy here, though, is to change the name to another brand’s default name (for example, switch the name of a Linksys router to “D-Link”) to throw low-level hackers off the trail completely.
Create a Guest Network
Most routers have the ability to create and maintain a guest WiFi network. A guest network allows users to get online using your WiFi, while also limiting what they can access in your network (i.e. printers, shared folders, smart home devices). You’ll want to give your guest network credentials to friends, family, and anyone who lives outside of your home.
WPS, or WiFi Protected Setup, comes as a default with many routers allowing faster connection to wireless devices. When WPS is on, devices within range can automatically connect to the network without the password. While it seems like a good idea if you’re constantly connecting new devices or sharing your WiFi with guests, it is a privacy risk since a stranger can easily connect to your network if they’re outside your home.
The wide availability of programs like Reaver that can crack WPS within just a few hours — with no skill on the part of the hacker — makes WPS a non-option if you value your privacy. If WPS comes enabled on your router, be sure to turn it off when you set up your network.
Use MAC address filtering
Each internet- and Bluetooth-connected device has its own media access control (MAC) address. Most routers have a setting known as MAC address filtering, which gives network owners control over which devices can connect to the network. The main benefit of enabling MAC address filtering is that you’ll know which devices are connected to your network, since you have to manually input the MAC address for each of your devices. However, the downside is having to access your router’s control panel each time you want to connect or disconnect a device.
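To make the "know which devices are connected" benefit concrete, here is an added example (not from the original article) that compares a router's connected-device list against your allowlist. The device data is constructed, and the function names are this example's own; it also marks randomized "private" addresses, which phones and laptops often present instead of their hardware MAC.

```python
import re


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def is_randomized(mac):
    """True when the locally administered bit (0x02 of the first octet) is set,
    as it is on the per-network private addresses devices generate."""
    return bool(int(mac[:2], 16) & 0x02)


def unknown_devices(allowlist, connected):
    """Return (mac, hostname, note) for each connected device not allowlisted."""
    allowed = {normalize_mac(m) for m in allowlist} - {None}
    report = []
    for raw_mac, hostname in connected:
        mac = normalize_mac(raw_mac)
        if mac is None:
            report.append((raw_mac, hostname, "unparseable address"))
        elif mac not in allowed:
            note = "randomized address" if is_randomized(mac) else "hardware address"
            report.append((mac, hostname, note))
    return report


# Constructed sample data: the allowlist as typed into the router, and the
# device list as it might be copied from the router's connected-devices page.
ALLOWLIST = ["3C:5A:B4:12:34:56", "a4-83-e7-aa-bb-cc"]
CONNECTED = [
    ("3c5a.b412.3456", "living-room-tv"),    # allowlisted, different notation
    ("A4:83:E7:AA:BB:CC", "laptop"),         # allowlisted, different case
    ("DA:A1:19:00:11:22", "unknown-phone"),  # 0xDA has the 0x02 bit set
    ("00:1B:44:11:3A:B7", "unknown-box"),    # not on the list
]

if __name__ == "__main__":
    for mac, hostname, note in unknown_devices(ALLOWLIST, CONNECTED):
        print(f"not on allowlist: {mac} ({hostname}) - {note}")
```

A device reported as a randomized address may be one of your own with its private-address feature turned on, so check that before treating it as a stranger.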
Use a firewall or VPN
For the utmost privacy, get a VPN or a firewall with a VPN. Most VPN providers include antivirus and firewall software with their subscriptions, while it is hit or miss whether firewall software includes VPN access. In some cases, firewall software providers will offer limited VPNs for free, meaning only a portion of your internet traffic or a small number of devices will be protected by the VPN. We reviewed the Best VPNs of 2021 to give you a quick look at which VPNs are the most secure. If you’re looking for a fully featured firewall and VPN, consider one from one of the well-known and trusted names in the cybersecurity space, like Norton or Bitdefender.
Know What the URL to Your Admin Panel Is, and Never Enter Your User Credentials Elsewhere
A common method for man-in-the-middle hacker attacks is to present you with a false login alert, fooling unwitting Wi-Fi users into entering their username and password to “confirm their identity” — when in fact, they’re just sending the information to a hacker who can then intercept all the data passing between computer and router without detection.
Routers come pre-installed with a packet of code that controls basic network functions, known as firmware. Like the operating system and software on your computer and smartphone, router firmware has to be updated from time to time.
Most smart routers or gateways (modem and router combos) are able to automatically upgrade firmware. The setting is accessible via the control panel or monitoring app. ISPs often push updates to leased equipment when the firmware is made available to them. Keeping firmware up to date can be a challenge if you own your equipment — every company has its own system and updates come infrequently.
The best way to manually update your router’s firmware is to check the manufacturer’s website for the newest release.
…Or Consider an Alternative Firmware
If you’re willing to do some experimenting, custom firmware like DD-WRT, OpenWRT, and Tomato can replace the manufacturer firmware on your router to give big benefits when it comes to speed and security.
Tomato and DD-WRT have the simplest installation procedures and user interfaces, while OpenWRT is a better choice for advanced administrators. All three open up cool features like real-time monitoring and device segregation, making it much easier to detect intruders and keep them off your network.
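The steps above, applied as a checklist to one router's settings, in an added example that is not part of the original article. The settings record, its field names and the 12-character password threshold are assumptions of this example; the values are meant to be filled in by hand from your router's admin panel.

```python
import string
from datetime import date

# Field names below are assumptions made for this example, not any vendor's
# export format; fill them in by hand from your router's admin panel.
SECURITY_RANK = {"open": 0, "wep": 0, "wpa": 1, "wpa2": 2, "wpa3": 3}
MIN_PASSWORD_LENGTH = 12  # assumed threshold; the article gives no number


def password_is_weak(password):
    """Weak means short, or missing letters, digits or symbols."""
    classes = (
        any(c.isalpha() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return len(password) < MIN_PASSWORD_LENGTH or not all(classes)


def audit_router(settings, today):
    """Return one finding per checklist step the settings fail."""
    findings = []
    if settings["admin_user"].lower() == "admin":
        findings.append("admin username is still the default")
    if password_is_weak(settings["admin_password"]):
        findings.append("admin password is short or lacks letters/digits/symbols")
    mode = settings["security_mode"].lower()
    if SECURITY_RANK.get(mode, 0) < SECURITY_RANK["wpa2"]:
        findings.append(f"security mode {mode} is weaker than WPA2")
    if settings["vendor"].lower() in settings["ssid"].lower():
        findings.append("SSID reveals the router's make")
    if settings["wps_enabled"]:
        findings.append("WPS is enabled")
    if not settings["guest_network"]:
        findings.append("no guest network for visitors")
    if (today - settings["firmware_date"]).days > 365:
        findings.append("firmware is more than a year old")
    return findings


# Constructed sample: a router left at its out-of-box settings.
FACTORY = {"vendor": "Linksys", "ssid": "Linksys-5G", "admin_user": "admin",
           "admin_password": "admin", "security_mode": "WEP", "wps_enabled": True,
           "guest_network": False, "firmware_date": date(2019, 3, 1)}
# The same router after following the steps (password is a constructed sample).
HARDENED = dict(FACTORY, ssid="jakes-house", admin_user="jake-admin",
                admin_password="t7#Qw!9zLp$2vX", security_mode="WPA2",
                wps_enabled=False, guest_network=True,
                firmware_date=date(2021, 1, 15))

if __name__ == "__main__":
    for finding in audit_router(FACTORY, today=date(2021, 6, 1)):
        print("FAIL:", finding)
```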
Networks Will Always Have Flaws, So Be a Tough Target
The tips above are enough to keep out 99% of hackers, and the other 1% won’t want to waste their time when there are easier targets to be had.
Don’t be scared to experiment and customize your network. Most routers are easy to troubleshoot or reset to factory defaults if you run into any issues. Consider spending a few extra dollars on a higher-end router with security features if you’ve dealt with security issues previously. As always, practice safe browsing by:
- Keeping all your devices up-to-date — software updates often include new security features
- Being mindful of who and what devices you allow to connect to your network — an entire network is at risk if one device is connected
- Being cautious when going to new websites or downloading new apps
- Only connecting devices that need WiFi — the more devices there are, the more of a security risk there is and the slower your network may be