Having an open wireless network can be a security risk as it allows anyone close (for example, a neighbor) to access the network and potentially even spy on our connection.
The router, that device with antennas and lights that allows us to connect smartphones and computers to the Internet without cables and wires (wireless), must therefore be set up in order to avoid that someone can connect to our devices, scrounge the internet connection and also to check what we do on the internet.
The default configurations, those set by the default vendor, are not sufficient for router security because, being the same for everyone, they are known and easily overcome.
Here then we see what are the important settings to configure on the router for better wifi security in the home.
READ ALSO: 10 Main Options on the Wifi Router: web access and configuration
First of all, each router model has its own set of options and a configuration panel which may be different depending on the brand of the manufacturer or supplier.
In some cases, when the router is provided by the internet provider (for example by Vodafone) it may also be that the settings are not accessible.
Whenever possible, then the router settings to improve wifi network security, to have even stronger network protection.
READ FIRST: Enter the router to access the settings in an easy way
1) Wifi password
The best network password to access wifi is the one with WPA2 protocol, which is the most difficult to crack.
We have already explained in detail what it means to secure your home Wifi connection and protect yourself from network intrusions using a WPA2-PSK access key, compared to WPA and WEP.
Then look for the option to change your network access password in your home or WLAN network settings and set it with numbers and letters to make it not easy to find (do not use names and surnames or dates of birth).
2) Change the password to access the router
If we entered the router's configuration panel to make changes to the settings, we would certainly have logged in with a username and password.
If these have never been changed and the ones that have been predefined by the manufacturer (often with Admin or Administrator username) have remained, it is better to change them in a personal way to prevent anyone from getting in touch with them.
3) Hide the network (The SSID)
By hiding the network, you can make sure that nobody can detect it and then use it.
We saw how to do it in a specific guide on how to hide the WIFI network by deactivating the SSID.
This setting is certainly very safe, but also inconvenient to use if you use many mobile devices on the network such as cell phones, TV or Smart Plug.
4) Update the firmware
Router firmware is something many people forget to take care of.
Most people don't check for firmware updates or only do it the first time they start.
Most manufacturers release firmware upgrades by fixing bugs and, most importantly, covering security vulnerabilities that have come to light over time.
Checking for updates should be done every 3 months, by visiting the manufacturer's website (Linksys, Asus, Belkin, Netgear, TP-Link, D-Link or others) and downloading the file which must then be loaded from the configuration panel, under the item " Firmware Update ".
3) Enable, if possible, the https connection when accessing the administration panel .
4) Limit incoming traffic and insecure features
Port forwarding allows you to use some computer applications remotely.
If used, it is advisable to use a non-standard port for the service you are configuring and filter internet traffic by preventing anonymous connections (if possible).
We have seen in another article the guide to configure the correct port forwarding on the router.
Also it would be better not to use features like UpnP, like DMZ, like dynamic DNS.
5) Disable WPS (WiFi Protected Setup), which can be convenient, but which represents the main vulnerability of each router.
In another article we saw how to use the WPS button of Wifi devices safely.
7) Activate the event log or LOG
Having the log active and therefore recording all the activities of the router can be useful to analyze any connection problems or suspicious activities.
Also make sure that the clock and time zone are set correctly to have an accurate event log.
8) Guest Network
Set up, if possible, a guest network to connect friends who come to our house.
This network, always protected with a WPA2 key that is different from the password of the main network, can be limited in traffic, dedicated to making those who visit us at home access the internet and, optionally, it can also be excluded from the LAN (therefore does not see computers connected to the main network).
9) Do not connect external disks or USB sticks to the router if there are important data inside whose content could be exposed on the network and on the internet.
10) Use alternative DNS (in DHCP) using, for example, Google's DNS servers.
The DNS servers of the network provider can be not only slower but also more vulnerable to external attacks.
in another article the guide to change DNS in the router
11) Change the range of IP addresses released on the network by the router .
Since each router uses, by default of DHCP, a range of IP addresses such as 192.168.1.x or 192.168.0.x, to avoid automatic attacks from the outside you can use a different range such as, for example: 10.xxx, 192.168.xx, from 172.16.xx to 172.31.xx.
12) Disable the SID Broadcast and hide the wifi network .
This prevents those who do not know the wifi network from finding it with automatic scanning.
13) Activate the MAC filter
This can be inconvenient, but allows you to tell the router that only some specific computers or devices can connect, while others will need to be authorized and added from the admin panel.
As seen in the article on what the MAC Address is and how it is used in a network, it is the network ID of each device with wifi.
The Mac Address filter therefore allows access to the network only to identified computers or smartphones, preventing it from all others.
In other articles we have also seen:
- Check if someone steals the wifi internet connection and how to protect the wireless network
- Protect the wireless network from intrusion, eavesdropping and espionage
The router, that device with antennas and lights that allows us to connect smartphones and computers to the Internet without cables and wires (wireless), must therefore be set up in order to avoid that someone can connect to our devices, scrounge the internet connection and also to check what we do on the internet.
The default configurations, those set by the default vendor, are not sufficient for router security because, being the same for everyone, they are known and easily overcome.
Here then we see what are the important settings to configure on the router for better wifi security in the home.
READ ALSO: 10 Main Options on the Wifi Router: web access and configuration
First of all, each router model has its own set of options and a configuration panel which may be different depending on the brand of the manufacturer or supplier.
In some cases, when the router is provided by the internet provider (for example by Vodafone) it may also be that the settings are not accessible.
Whenever possible, then the router settings to improve wifi network security, to have even stronger network protection.
READ FIRST: Enter the router to access the settings in an easy way
1) Wifi password
The best network password to access wifi is the one with WPA2 protocol, which is the most difficult to crack.
We have already explained in detail what it means to secure your home Wifi connection and protect yourself from network intrusions using a WPA2-PSK access key, compared to WPA and WEP.
Then look for the option to change your network access password in your home or WLAN network settings and set it with numbers and letters to make it not easy to find (do not use names and surnames or dates of birth).
2) Change the password to access the router
If we entered the router's configuration panel to make changes to the settings, we would certainly have logged in with a username and password.
If these have never been changed and the ones that have been predefined by the manufacturer (often with Admin or Administrator username) have remained, it is better to change them in a personal way to prevent anyone from getting in touch with them.
3) Hide the network (The SSID)
By hiding the network, you can make sure that nobody can detect it and then use it.
We saw how to do it in a specific guide on how to hide the WIFI network by deactivating the SSID.
This setting is certainly very safe, but also inconvenient to use if you use many mobile devices on the network such as cell phones, TV or Smart Plug.
4) Update the firmware
Router firmware is something many people forget to take care of.
Most people don't check for firmware updates or only do it the first time they start.
Most manufacturers release firmware upgrades by fixing bugs and, most importantly, covering security vulnerabilities that have come to light over time.
Checking for updates should be done every 3 months, by visiting the manufacturer's website (Linksys, Asus, Belkin, Netgear, TP-Link, D-Link or others) and downloading the file which must then be loaded from the configuration panel, under the item " Firmware Update ".
3) Enable, if possible, the https connection when accessing the administration panel .
4) Limit incoming traffic and insecure features
Port forwarding allows you to use some computer applications remotely.
If used, it is advisable to use a non-standard port for the service you are configuring and filter internet traffic by preventing anonymous connections (if possible).
We have seen in another article the guide to configure the correct port forwarding on the router.
Also it would be better not to use features like UpnP, like DMZ, like dynamic DNS.
5) Disable WPS (WiFi Protected Setup), which can be convenient, but which represents the main vulnerability of each router.
In another article we saw how to use the WPS button of Wifi devices safely.
7) Activate the event log or LOG
Having the log active and therefore recording all the activities of the router can be useful to analyze any connection problems or suspicious activities.
Also make sure that the clock and time zone are set correctly to have an accurate event log.
8) Guest Network
Set up, if possible, a guest network to connect friends who come to our house.
This network, always protected with a WPA2 key that is different from the password of the main network, can be limited in traffic, dedicated to making those who visit us at home access the internet and, optionally, it can also be excluded from the LAN (therefore does not see computers connected to the main network).
9) Do not connect external disks or USB sticks to the router if there are important data inside whose content could be exposed on the network and on the internet.
10) Use alternative DNS (in DHCP) using, for example, Google's DNS servers.
The DNS servers of the network provider can be not only slower but also more vulnerable to external attacks.
in another article the guide to change DNS in the router
11) Change the range of IP addresses released on the network by the router .
Since each router uses, by default of DHCP, a range of IP addresses such as 192.168.1.x or 192.168.0.x, to avoid automatic attacks from the outside you can use a different range such as, for example: 10.xxx, 192.168.xx, from 172.16.xx to 172.31.xx.
12) Disable the SID Broadcast and hide the wifi network .
This prevents those who do not know the wifi network from finding it with automatic scanning.
13) Activate the MAC filter
This can be inconvenient, but allows you to tell the router that only some specific computers or devices can connect, while others will need to be authorized and added from the admin panel.
As seen in the article on what the MAC Address is and how it is used in a network, it is the network ID of each device with wifi.
The Mac Address filter therefore allows access to the network only to identified computers or smartphones, preventing it from all others.
In other articles we have also seen:
- Check if someone steals the wifi internet connection and how to protect the wireless network
- Protect the wireless network from intrusion, eavesdropping and espionage
