10 Measures to Protect Your Home Wi-Fi Router from Malicious Hackers

I think there aren't many people who are messing with the router settings from the time of purchase.

I think most people log in on the day they buy it, change the name and password of the WiFI network, and quit.

It may be fine if you just want to get an internet connection (and hopefully speed), but it's not uncommon these days for routers to be attacked by malicious hackers. To prevent this, you need to tweak various settings to enhance security.

Before I show you how to do that, here's one caveat. The interface, the names of setting items, the items that can be set, etc. differ depending on the router. This article was written with reference to Archer C7 made by TP-Link.

Please note that depending on the router, you may not be able to tamper with the items introduced here.

Now let's see how to increase the security of your Wi-Fi router.

1. Access the router settings screen
2. Update firmware
3. Change your router login ID and password
4. Use WPA2
5. Use better DNS
6. Consider MAC filtering
7. Consider WiFi scheduling
8. Disable suspicious services
9. Turn off the cloud function of the router
10. Consider WiFi networks for visitors and dedicated to smart home devices

How to identify the cause of slow internet speed and restore it

Access the router settings screen

Most routers don't come with easy-to-use apps. In that case, you will access the setting screen by hitting the IP address with a WEB browser from the device connected to the router. You can find the IP address in the following ways.

Update firmware

Depending on the router, firmware updates can be very deep and difficult to find. Conversely, some routers will notify you every time you log in when the firmware is updated. In any case, you need to know how to update to the latest firmware.

You are lucky if you can download the firmware update directly from the manufacturer. Click the button to start the process. There are also great routers that start downloading automatically.

Ordinary people wouldn't check "By the way, that tech gear firmware has been updated."

In some cases, you may have to upload the downloaded firmware to your router on your own.

In that case, do not make a mistake in downloading the firmware. Mostly on the router support page.

After downloading, let's proceed with the update manually while looking at the firmware file.

In this case, you should check the latest version of the firmware regularly. Don't forget to check regularly, even if it's a hassle, to protect your router from external threats.

Change your router login ID and password

If you are using an ID or password that uses "admin / admin", "admin / password", or other common words, change it immediately.

A strong login ID and password that can deal with brute force attacks is essential, even if the router manufacturer has given you a password individually.

Even if you give up a hundred steps and use "admin" as your user name, make sure that the password is as complicated as possible so that it cannot be found by searching the web.

Use WPA2

Needless to say, don't use WEP to set passwords for your WiFi network.

Passwords "protected" with WEP encryption are considerably weaker than passwords encrypted with WPA2. There is no reason not to use WPA2, except for older routers that do not support the WPA2 protocol.

Moreover, password-free open WiFi networks are absolutely prohibited.

Do not use WPS

At first glance, WPS (WiFi Protected Setup), which allows you to log in to your router with a short PIN number without having to type a long and complicated password, seems convenient.

But think about it.

Compared to complicated passwords and passphrases, it's much easier to look up your PIN number in a roundabout way.

Of course, most routers have a mechanism that makes it impossible to try for a while if you make a mistake in the password several times, but it cannot prevent even a clever WPS attack.

To avoid this, you shouldn't use WPS in the first place.

Yes, the password is mandatory. It may be troublesome. It may be a waste of time in your life.

You still need what you need. If that's not acceptable, choose a router with push-button WPS.

Unlike PIN-based WPS, you press a physical button to connect to your device, significantly reducing your chances of someone breaking through WPS.

Use better DNS

If you stop using ISP DNS and use services such as Google DNS, Cloudflare, and OpenDNS, you can browse the web a little faster.

Not only that, you can reach the target site by avoiding man-in-the-middle attacks, pop-ups, redirects, gap advertisements, and troublesome "I made a mistake in entering the address, so let's redirect to a web page full of spam and advertisements". It also comes with a bonus.

If you want to be more sly, put services like OpenDNS on your child's computer, ban time-consuming Tumblr and Reddit with parental controls, and use a different DNS provider (Google DNS, etc.) for yourself. You can also use it to see it without any restrictions.

Children hate it, but it may help for their future.

Consider MAC filtering

It's easy for an attacker to spoof a MAC address, but you can add some security by setting it so that only whitelisted devices can connect.

This filtering method is based on the MAC address of each device. A MAC address is a list of long letters or numbers, such as "00-11-22-33-44-55".

The downside is that you have to allow connections to your router every time you buy a new device, but you can forbid connections to devices that you don't allow.

However, as mentioned above, MAC addresses can be easily spoofed. If you find it less useful, you don't have to dare to use MAC filtering.

Consider WiFi scheduling

The router's scheduling feature is useful for people who work on a fixed schedule every day and don't need to connect to their home device remotely. If your router supports it, you can turn off WiFi during your absence.

However, if you have a lot of smart home devices that require an internet connection, this method may not be very practical.

On the other hand, if you live a relatively simple life where you don't need the internet when you're away, you don't need to waste electricity with a WiFi connection.

Besides, it's safe because it's impossible to hack into a non-existent network.

Disable suspicious services

You probably don't need to tweak your router settings when you're not actively connected to your WiFi network. If your router has features such as "remote management", be sure to disable it.

Consider disabling UpnP as well. People who use games, BitTorrent, etc. may be reluctant. However, there is even a dedicated site to show you how to break through UpnP, so if you need to open a port, it may be better to do it manually.

Depending on your router, you can set up an FTP server to move files in and out of your network. However, in this era of cloud storage, there is almost no need to operate an FTP server on your own. And it's much safer to disable such features.

You don't even need the ability to access via SSH or Telnet, or access your home USB printer or storage while you're away.

If there is such a feature, please disable it.

In short, consider disabling features that allow you to do something remotely, unless you really need them.

The less you can access your home network on the go, the less likely others can exploit your vulnerabilities to access your router (or your home network).

Turn off the cloud function of the router

If possible, also turn off the cloud function of your router. It might be nice to be able to edit router settings just by logging in to the manufacturer's cloud service, but it's like opening the door for an attacker.

It may not be an option like many mesh routers, but at the expense of convenience, it's much safer to manually log in using the web-based UI from a device connected to your home network.

Consider a WiFi network dedicated to visitors and smart home devices

I've been playing, testing, and reviewing many routers for over a decade.

I have never met a person who uses the guest network function of the router. I've never been to a friend's house to connect to a "guest network".

The guest network is very secure. The router will provide a separate SSID for the visitor, so the devices connected to it, whether wired or wireless, will be isolated from the devices connected to the main network.

The guest network has another advantage.

It can also be used to connect smart home devices that are concerned about security.

For example, even if you use the vulnerability of a smart light bulb to break into your network, there is a layer of security between you and your important computer or smartphone.

You can also use separate SSIDs and VLANs to separate your home network if your router supports it. It's a lot easier than spending the whole weekend holding your head without knowing what to do.

Image: Casezy idea / Shutterstock.com

Source: LinkSYS, Wonder How to, Net Gear, Google, 1.1.1.1, Open DNS, Bronto Bytes, Github, Upnp Hack, Router Security, New York Times, Lullabot

David Murphy --Lifehacker US