How to Secure Your Home Network and WiFi Router
The bottom line: the simplest way to secure your WiFi network is to use a strong Wpa2 password, do not enter the password into any popups, and make sure to upgrade the firmware on your router at least annually.
Routers are good at managing your network, but they’re not always so great at keeping it secure.
While the latest high-end routers on the market have made huge leaps toward increasing bandwidth and optimizing Wi-Fi, the combination of bad firmware code coupled with poor manufacturer support leaves many consumer devices riddled with backdoors. It’s easier than you might think for a hacker to work around your default security settings and create all sorts of mayhem.
Long story short, it’s easier than you might think for a hacker to work around your default security settings and create all sorts of mayhem.
Luckily, there are basic precautions you can take when purchasing and setting up a router to save yourself some time and money, boosting your Internet speed in the process. You don’t have to know how a UPnP exploit works to protect yourself from hackers on your network — all you have to know is which features translate to real-world performance, and which security fixes translate to real-world safety.
In this post we’ll break down the features you need on your next router and introduce some basic security precautions that keep your network private.
Security: How to Protect Yourself From 99% of Attacks
Wi-Fi networks will always have flaws a sophisticated hacker can exploit to crack the system. The trick to keeping your system secure is to make hacking it as difficult as possible without compromising the performance of your network in the process.
Here are some simple steps you can take to secure your network and discourage hackers.
Change Your Username and Password
The number one first thing to do when you set up a new router is change your username and password. The default is often “admin,” for both fields, with the obvious vulnerabilities that entails.
Standard strong password rules apply: a long jumble of randomized letters, numbers, and symbols will be much stronger than you pet’s name or other “easy” password.
Change the Ssid Broadcast Name
Check out the Wi-Fi scan in an apartment building and you’re sure to see a ton of “Linksys” and “dlinks.” Every type of router has its own personal weaknesses, and hackers will target a Linksys router differently than a D-link router.
Most security-conscious users will change their broadcast name to something personal like “jakes-house” so it’s less clear what vulnerabilities they might have. (If you see a network named “FBI security van,” don’t freak — it’s a common prank.) An even better strategy here, though, is to change the name to another brand’s default name (for example, switch the name of a Linksys router to “dlink”) to throw low-level hackers off the trail completely.
WPS comes as a default with many routers. The wide availability of programs like Reaver that can crack WPS within just a few hours — with no skill on the part of the hacker — makes WPS a non-option if you value your privacy. If WPS comes enabled on your router, be sure to turn it off when you set up your network.
At some point while setting up your router you’ll have to select a security type. The options you’re likely to be presented with are WEB, WPA, WPA2.
Of these options, only WPA and WPA2 are currently considered safe, with WPA2 being the better option. WEB has long since been rendered useless by security flaws. WPA and WPA2 aren’t perfect, but combined with other basic security precautions they’re the best option currently.
It’s tempting to use a simple, memorable word for your password. Don’t! They’re easy for programs and intruders to guess. A good password should be a random sequence of numbers, letters, and symbols.
Know the Url Where Your Admin Panel Is, and Never Enter Your User Credentials Elsewhere
A common method for man-in-the-middle hacker attacks is to present you with a false login alert, fooling unwitting Wi-Fi users into entering their username and password to “confirm their identity” — when in fact, they’re just sending the information to a hacker who can then intercept all the data passing between computer and router without detection.
Routers come pre-installed with a packet of code that controls basic network functions, known as firmware. Like the OS on your computer or the software on your computer, router firmware has to be updated from time to time.
Keeping firmware up to date is one of the biggest problems with Wi-Fi security — every company has their own system, the updates come infrequently, and the system isn’t usually automated like it is with the OS on your computer or the apps on your phone. What’s worse, even the latest updates often have glitches that allow sophisticated hackers to weasel their way onto a network through the back door.
So, the basic security precaution to take insofar as firmware is to keep an eye on your manufacturer’s site for updates, and follow the instructions to install them as soon as possible.
…Or Consider an Alternative Firmware
If you’re willing to do some experimenting, custom firmware like DD-WRT, OpenWRT, and Tomato can replace the manufacturer firmware on your router to give big benefits when it comes to speed and security.
Tomato and DD-WRT have the simplest installation procedures and user interfaces, while OpenWRT is a better choice for advanced administrators. All three open up cool features like real-time monitoring and device segregation, making it much easier to detect intruders and keep them off your network.
Networks Will Always Have Flaws, So Be a Tough Target
The tips above are enough to keep out 99% of hackers, and the other 1% won’t want to waste their time when there are easier targets to be had.
Don’t be scared to customize your network, consider spending a few extra dollars on a higher-end router with security features, and you’ll be set for a visitor-free Internet experience.