Some wifi routers are misconfigured fresh from the factory or ISP. It works, but not really tuned for security. Today in we provide you with tips on how to secure your wifi router in a non-complicated presentation. There may not be many people who are messing with router settings at the time of purchase, but with this article, we wish for our readers to have a new take when it comes to appreciating wireless LAN technology.
Change Your DNS Servers
DNS is Domain Name System, basically the phone book of the Internet. It is the system that converts the human-readable domain names to its corresponding IP addresses. ISPs do not earn money from building and maintaining their DNS servers, but it is the actual “directory” that makes the whole Internet useful in the first place. Most of the ISP-maintained DNS servers are not optimized, have slow response times and vulnerable to DNS attacks. We recommend Quad9 (220.127.116.11) as your DNS server, it is the only public DNS that blocks malicious, virus-infected domains.
Consider MAC Filtering
Although it is easy for an attacker to spoof a MAC address, some security enhancements can be made by setting that only devices added to the whitelist can connect. This filtering method is based on the MAC address of each device. A MAC address of the machine’s network card using the notation “xx-xx-xx-xx-xx-xx-xx-xx” where XX is a hexadecimal number from 00 to FF. This helps supplement the WPA2 password, as only machines with its MAC address recorded in the whitelist are allowed to connect to the router.
Use WPA2 (or WPA3 if available)
Needless to say, don’t create an open wifi network, the next option WEP encryption should also be disregarded. Passwords “protected” with WEP encryption are much more vulnerable than passwords encrypted with newer encryption technology like Wifi Protected Access (WPA2). WPA3 routers are available in the market as well, if your hardware is supported that option should be used instead. WPA3 provides a stricter implementation of Wi-Fi router encryption technology compared to all of its predecessors.
At a glance, WPS (WiFi Protected Setup), which allows you to log into a router with only a short PIN number without entering a long and complicated password, may seem convenient at first glance. The game consoles such as the XBOX 360, PlayStation 3 and newer provides an interface to auto-configure themselves with the Wi-Fi router using the WPS protocol. However, convenience comes with security issues, as automatic configuration means the home network can be infiltrated easier by taking advantage of the bugs in the WPS protocols. To avoid this, you should not use WPS in the first place. We recommend manual configuration of Yes, passwords are required. Inconvenient for sure, but there is no way snooping from auto-configuring WPS is possible.
Consider disabling UPnP
Universal Plug and Play was a great technology on paper, but its various implementations were very insecure and prone to infiltration. When paired with the WPS feature, it definitely is a recipe for disaster for the home wireless network. We had extensive coverage about the issues hounding UPnP. The last 3 Tech News we had about it are available here, here and here. No sane organization, not even in the home network should enable the use of UPnP due to its flawed implementations, totally non-negotiable for a system administrator worth his salt.
Update the firmware
Depending on your router brand and model, firmware updates may be rare or even just wishful thinking. This is especially true for the home router scene, where it is considered as disposable equipment. Conversely, some routers will notify you every time you log in when the firmware is updated. Either way, you need to know how to update to the latest firmware.
If you can download the firmware update directly from the manufacturer, usually by logging in to the router’s web interface (usually using 10.0.0.1, 192.168.0.1 or 192.168.1.1), go to the update page and clicking update.
Take note that router firmware update is a sensitive process, power should not be interrupted during the update process or else the router will be rendered unusable.