How to make your router more secure

Here is a nice practical guide on how to make the home router safer by following some simple steps that will allow you to increase security when you are at home but also in the office

Increase the security of our router: Advice

Increase the security of our router: Advice

More and more often we hear of hacker attacks on private networks such as domestic ones, and the growing number of devices connected to the Internet puts even more risks to our internal networks that never before are at risk of entry from outside.

In this article we will see how to raise barriers and make life more difficult for hackers by going to configure and apply rules on the home router, so as to have a safer network.

The router takes care of connecting to the Internet dozens of devices both via Wifi and through the Ethernet cable network, and it is the router that is the object of numerous hacker attacks to try to access our local network.

How to make the Home Network more secure by acting on our Router

1 – Update the Firmware

Having an updated firmware will allow you to solve all the bugs of your router discovered after purchase. Usually all manufacturers have a page where to check the latest version available, with the guides step by step to update it. In some cases, old or outdated router can be considered to install third-party firmware such as DD-WRT, OpenWrt, Tomato and others.

2 – Change the password to access the Router

The most frequent attacks are to access routers all over the world, using the default password set by the manufacturer. This is because 90% of routers in circulation, always use the same initial credentials, without being changed. On sites like Router Passwords, Passwords Database and CIRT you can find the default passwords of routers, inserting brand and model.

Well, by accessing your router by typing in a common browser the address 192.168.1.1 or 192.168.0.1 you will enter your router, and from there after logging in with the default data, we advise you to find the section where to change it. Use complex passwords to memorize and find, which are long, with letters, numbers and special characters.

3 – Change the SSID and password of your Wifi network

The SSID, the name of your Wifi network, must be changed, in order to make it more difficult to identify the service provider or change the access standard. WPA2 is currently the safest, while WPA3 should come out soon, if you see a different standard you are exposed to hacker attacks, because the protection system is weak and easily crackable.

Here, too, use complex passwords to be memorized and found, which are long, with letters, numbers and special characters.

4 – Change DNS

Also changing DNS, the method by which the names of internet addresses are resolved in server IPs, can be fundamental to our privacy, so that they are resolved by faster, more precise and more secure.

Read our article: Change and find the fastest DNS to set the correct ones.

DNS resolves the name of a website and by changing DNS you can be sure that you do not use those imposed by the operator, which could analyze your traffic.

5 – Disable WPS

The convenient function that allows you to connect a wifi device to the internet without entering the password is always a source of attacks and it is advisable to deactivate it. If you really do not want to do without it, at least disable the WPS PIN function.

6 – Deactivate UPnP

The UPnP protocol (Universal Plug and Play) is used to communicate devices and software without too many complicated procedures. Unfortunately, this protocol is weak, and is always subject to hacker attacks that aim to open incoming ports without knowing the credentials.

If you do not make heavy use of this feature, turn it off without problems. The Gibson Research Test website allows you to check if your router exposes UPnP on the internet, and then decide if you need it or not, and proceed with deactivation.

7 – Check the Port Forwarding

Another important aspect is port forwarding, which allows you to control where traffic is routed to a given device by checking which ports it lands, so as to find out if there is any app or service that behaves badly and eventually close everything. Going on this page we can check if there are open ports and discover the connected devices data.

8 – Use a Wifi Guests

For guests used and set up a separate network, which is divided by your principal, so you can not access our files and devices connected to the network. Usually each router allows the creation of a Wifi network for guests with reduced and non-intrusive features.

9 – Deactivate functions that do not use and response to Ping

The routers are very powerful and have a lot of features that not everyone usesDeactivate them as SNMP, NAT-PMP or access via telnet that you most likely do not use, and also disable responses to the PING command to verify that a device is connected. All these settings disable them directly from the router’s admin panel.

10 – HNAP this unknown

The HNAP, Home Network Administration Protocol, allows to manage network devices and is no longer implemented. Older routers support it but many are active and can not be disabled from the settings. To check if the service is active, type 192.168.1.1/HNAP1/ or 192.168.0.1/HNAP1/ from the command line.

11 – Block Outgoing Ports used for sharing files and folders

The ports UDP 138, UDP 137, TCP 139 and TCP 445 are used to share files and folders and in some cases they are used to carry out attacks. Disable these ports only on exit to sleep peacefully.

12 – Deactivate the statistics and data collection functions

Many routers integrate functions of collecting data and statistics which are then sent to the individual producers. If they are active, deactivate them without problems so as not to send your data to the router manufacturers.

These are some of the methods you can apply on your router to make the network safer but as usual no one can assure you the total security that nobody accesses your home network, but at least try to make it safer.

Leave a Reply

Your email address will not be published. Required fields are marked *