How to improve the security of a router + Tips and Tricks

A router is a fundamental piece of the network infrastructure of a home or small office. Although it is a device with poor visibility because most users install it by their Internet service operator and forget it while it works correctly, a minimum management is required for users who want greater possibilities and better connectivity.

Also for those who want more control and security, because a badly configured router can leave your digital home open to all kinds of attacks and compromise the data circulating on the network.

How to improve the security of a router

If you have recently contracted a new Internet service, your operator has recently installed a new wireless router, you are going to change it for a third party or expand it with additional access points, we recommend investing a few minutes to perform tasks that can save you a lot headaches in the future, ensuring proper operation and above all increasing the security of these devices.

Update the firmware

The router has a set of operating instructions and tools stored on a memory chip inside the device. Firmware updates are quite stable and therefore infrequent, but it is convenient to update them because it is not known how long the router has been on the operator’s shelves. In addition, there are internal vulnerabilities in firmware and specially targeted exploits against this chip.

Change the default login

The easiest access to the router is through a web interface using its access IP address (192.168.0.1, 192.168.1.1 or similar). Almost all routers of the same make or model have a specific username / password programmed to facilitate access to the router.

This type of access is public knowledge and is usually as simple as the well-known “admin / admin”. A search on the Web is enough to know them and there are even specialized tools such as RouterPasswords that provide the data of any known brand and model. Therefore, it is necessary to change at least the password as soon as possible to prevent unauthorized access to the router and thus control our entire network. The moral is: “Change the administrator password before someone changes it for you”.

Set a strong Wi-Fi password

Like the access password, to improve the security of a router it is essential to change the default password for access to the Wi-Fi wireless network. Although the situation has improved, there are still many operators that use less secure protocols and passwords that can be easily knowable. Or that they are placed on a sticker on the same router within the reach of third parties that have physical access and that perhaps they should not know about it.

All current routers (or Wi-Fi access points) support strong encryption like WPA3 or WPA2. They are the protocols that we must use, totally eliminating others such as WEP. As for the password, you know, it is useless to use a strong protocol if we put the name of our dog, known to all our neighbors. It should be the longer the better, combining uppercase, lowercase, symbols and numbers or generating random keys with free and open source password managers like the ones in the link.

Change the SSID or hide it

The Service Set IDentifier it is a name included in all packages on a wireless network. With a maximum of 32 alphanumeric characters, it refers to the name of our wireless network or of others that are within reach of a device or computer. The name included by default, generally reveals the model and manufacturer, something that we should not reveal either, even more so if we have not changed its specific access as you can tell us in point two.

In addition to changing its name, the configuration of the routers allow the option to hide this SSID to prevent it from being shown as a wireless network. There are special programs that can track it but it is a recommended option.

Disable remote access to the router

99 percent of home users do not need this feature that allows access to the router from any point with Internet access. Since the router not only functions as the brains of managing the home network, but also as a firewall, remote access can be another open door for third parties to gain full access to the home network. Make sure this feature is disabled.

Manage MAC addresses

Each device that can connect to a network is assigned a unique identifier in the form of a number called a MAC address. It is hardcoded from the production of each device and cannot be changed. This allows us to control exactly the devices that can (or not) access our network and is another important section to improve the security of a router.

Most of these devices offer this MAC address filtering feature. You can block specific devices or for greater security create a list of only those devices that can connect. The MAC address of each computer is easily knowable with the command “ipconfig” in Windows, Mac or Linux. On Android, iOS or Windows Phone devices, you can see it in the advanced Wi-Fi settings.