Truth is, unless you’ve read an article like this before and took action, your wireless network likely has several vulnerabilities. And if exploited, these vulnerabilities could mean something as “harmless” as a neighbor stealing your bandwidth, or as dangerous as a hacker stealing your identity.
Here are seven easy steps that you can take to lock down your wireless network security — and it won’t take more than five minutes, I promise.
- Always Access Admin Panel With Ethernet
Logging into your router’s administration panel is as simple as opening your web browser, typing in an IP address (or sometimes a URL), and entering the router’s admin username and password. This is all fine and dandy — unless you’re doing so on a wireless connection.
When logging into the admin panel over wireless, those login credentials are sent over the air, which offers potential for interception. If you only ever log in while connected by Ethernet, you can eliminate this risk.
In fact, you should disable remote access completely in order to require a wired connection in order to tweak anything. This way even if a hacker manages to connect wirelessly and break your password, they won’t be able to change anything and you won’t be subject to a random hijacking.
2. Change the Default Admin Login
Every router comes with a default username/password combination for the administration panel. This is how you log in the very first time you set up the router. The username and password will also revert back to their defaults whenever you reset the router to factory settings.
You absolutely MUST change these ASAP.
Did you know that there are websites out there where you can search for default admin credentials by router model? Just check out RouterPasswords.com and DefaultPasswords.in. This means that if a hacker knows what kind of router you have, and you haven’t changed the admin credentials, they can break in with zero effort.
Even if they don’t know what kind of router you have, they can simply brute force an attack by running through all known admin username/password combinations. So changing these should be the very first thing you do with a new router. This is also something you’ll want to do if you’re concerned that you’re raising a budding hacker. Not sure how? See our article on how to change your Wi-Fi password.
3. Change the Default SSID
Another setting you should change right away: your router’s SSID (i.e. the public name that shows up when you’re looking at in-range Wi-Fi networks).
Many routers come with default SSIDs that can give away its brand and/or model. For example, some Linksys routers have default SSIDs that look like Linksys#####. And it’s no different for Cisco, Belkin, Netgear, TP-Link — they all have router models that come with default SSIDs that give away their brands.
Remember, if a hacker knows what kind of router you have, it becomes a little easier for them to break in. We recommend changing your SSID right away, and when you do, you might even consider making it a funny one.
4. Encrypt Using WPA2 and AES
Encryption is a must-use feature on all routers. Neglecting to use encryption is like leaving all of your doors and windows open all of the time — everything you say or do can be seen and heard by anyone who cares enough to look or listen.
Seriously, it only takes about 30 seconds to enable encryption in your router settings. And when you do, make sure you use WPA2 Personal mode if it’s available, otherwise use WPA Personal. No matter what, do NOT use WEP encryption because it’s weak and easily cracked.
Once WPA2/WPA mode is set, make sure you’re using AES encryption instead of TKIP. TKIP is better than nothing, but AES is more recent and more secure so prefer it whenever you can. Note that AES + TKIP encryption is effectively as bad as TKIP only, so stick to AES only.
Lastly, change your WPA2/WPA key (i.e. the wireless password). Make it strong! That means avoiding these common password mistakes. Aim for a minimum of 12 characters with a healthy mix of lowercase, uppercase, numbers, and special characters (e.g. @, !, %, $, etc).
5. Enable the Router Firewall
A firewall examines incoming network data and blocks anything that’s deemed unsafe. Most routers have some kind of built-in firewall feature — most likely SPI Firewall, which compares parts of all incoming network data against a database and only allows it in if it passes the test.
It’s probably enabled by default, but check and make sure it’s on. Note that this may interfere with certain online games. If it does, you can get around it by using port forwarding.
Also note that a router firewall isn’t enough on its own. Sometimes malicious data can get through undetected, which is why you should also install a free software firewall on your device as a second layer of defense.
6. Disable WPS and UPnP Features
WPS, or Wi-Fi Protected Setup, makes it easy to add new devices to a network. All you have to do is press the WPS button on the router, then press the WPS button on the device, and voila — connection established. Unfortunately, you should disable WPS because it can be cracked quite easily.
UPnP, or Universal Plug and Play, allows newly-connected devices to be immediately discoverable by other devices on the same network. Unfortunately, UPnP is full of glaring security holes and so should be disabled as soon as possible.
If you can’t disable either of these features, then it may be time for you to consider buying a new wireless router.
7. Keep the Router Firmware Updated
You have to keep your software up to date — that’s one of the most oft-repeated pieces of advice from security experts. This also applies to the software that drives your router, which is called firmware.
Outdated firmware is bad for two reasons:
- It may have unpatched security holes that can be exploited.
- Newer firmware can introduce extra features or improvements that can impact overall security.
Therefore, it’s in your best interest to keep firmware updated.
Every few months, you should check your router manufacturer’s website for firmware updates to your model. If so, download the file and apply it in your router settings. Fortunately, you won’t have to do this often because firmware updates tend to be infrequent.