How to Secure Your Home Router
Consider the Def Con presentation by a researcher who tackled 30 routers, which included several common and popular brands, and then successfully hacked into 50 percent of them. Your home networking is susceptible to attack because the firmware running your router is a far cry from the automatically patched and updated operating system on your computer. Your router’s firmware is obsolete and its vulnerabilities are already known to people who want to exploit those gaping security holes. And since your home router serves as a portal for which you connect to the Web, a hacker from anywhere in the world can break it, plant malware in your network, go through your files, or spy on you through your own security camera.
What you can do–until such time router manufacturers will up their game–is to observe basic safety precautions. Keep your home networking system more secure than that of the average user. Here are ways to do that.
Invest on the latest hardware versions. With price tags between £150 and £200 or sometimes even more, the latest N and AC router models are more expensive compared to the typical ones priced at around £40 or less. The newer routers, however, offer an increased security level.
Log in to your router’s configuration settings and change your default username and password. You need to enable WPA2-PSK with an AES encryption, because running WEP security can get your Wi-Fi network hacked by just about anyone who can follow the WEP-cracking steps readily available on the internet. Create the pass key for your wireless router. That same key has to be entered if you want to connect your mobile devices and computers to your home network. There is also a default name for the network’s Service Set Identifier (SSID). You might want to change that, too.
Aside from enabling the encryption protocol and modifying the default usernames and passwords, you can secure your router further by having unique passwords for all the different ports–HTTP, FTP, HTTPS, and remote desktop–that run the different types of traffic in your home network.
Disable any form of anonymous access to your home network’s FTP service, which allows file-sharing with everyone. Read your router’s user manual. It gives your router’s default IP address. Type that address on a browser to access the FTP service settings.
Heed the recommendation of the Department of Homeland Security and disable your Universal Plug and Play (UPnP). With UPnP, you are allowing your home network to communicate blindly–with no authentication whatsoever–with just about any source. To disable this potentially dangerous protocol for common networking, type your router’s IP address on a browser. The default internal IP address is found on your router’s manual. If it was set up by your ISP, you can call customer support to ask for it. Enter your password. You’ll then see the Web interface. Look for the option to disable UPnP by checking administration or advanced controls, depending on your router type and brand.
Also, turn on automatic updates and keep an eye on any security alerts. Don’t forget to keep your firmware updated regularly.