Router security: How to setup Wi-Fi router securely
Wireless internet or Wi-Fi access has become a necessity in the home and workplace, but it can also open a door to risks from hackers, scammers, and identity thieves. Whether in your home or office, an unsecured Wi-Fi router running on the default manufacturer settings could be a liability when it comes to hackers and Wi-Fi squatters accessing your private information and burdening your broadband.
If your Wi-Fi network isn’t secured properly — a public IP address, no unique Wi-Fi password — you could be letting anyone with a wireless-enabled device gain access. You might not be worried about someone using your wireless connection, but the real risk is exposing sensitive information you send and receive — your emails, banking information, and maybe even your smart home’s daily schedule — to cybercriminals.
Basic router security
Every router should have a strong password to help keep out the bad guys. Some new routers come with default passwords, but you should change these during setup. Creating a new, complex, unique password for your wireless router is easy. It should only take a couple of minutes. Specific instructions vary from one router to another, but the basic idea is this:
- All wireless routers have a numerical address. If you’ve lost the instructions, you can probably find yours by searching online for your router’s model number.
- In Security Settings, create a name for the router, and a password, and then select a type of encryption, like WAP2. Do not name your router something that can easily be associated with you, such as your last name.
- Make sure you choose a complex password that you can remember, but one that’s not easy to guess.
- Don’t forget to save the updated information when prompted. Your router is now secured against roaming cybercriminals.
Different types of encryption
Depending on your router, you might have options for different kinds of encryption. The most common router encryption types are WEP, WPA and WPA2. Commercial routers from brands like Netgear, Linksys, and ASUS often include:
- Wired Equivalent Privacy (WEP): This is the oldest and most popular form of router encryption available. However, it is the least secure of all encryption protocols. It uses radio-waves that are easy to crack. For every data packet that is transmitted it uses the same encryption key. With the help of automated software, this information can easily be analyzed.
- Wi-Fi Protected Access (WPA): The Wi-Fi Alliance came up with WPA to offer an encryption protocol without the shortcomings of WEP. It scrambles the encryption key thereby getting rid of the problems caused by hackers cracking the radio-waves. This is also a less secure form of encryption, partly because of legacy hardware and firmware that still used WEP as their main protocol. However, it is a significant improvement over WEP.
- Wi-Fi Protected Access 2 (WPA2): This encryption type is currently the most secure and most recent form of encryption available. You should always select WPA2 if it is available. It not only scrambles the encryption key but is also does not allow the use of Temporal Key Integrity Protocol or TKIP which is known to be less secure then AES.
- Advanced Encryption Standard: When possible, you’ll want to use AES on top of WPA2 or WPA. This is the same type of encryption used by the federal government to secure classified information. Routers made after 2006 should have the option to enable this on top of WPA2.
How to set up Wi-Fi router securely: The specifics
Manufacturers know how important it is to make their products user-friendly. Most routers come with instructions that are easy to set up and configure. Apps are replacing bulky user manuals and web interfaces that walk users through the set-up process. While using apps has made setting up routers easier for customers, the router may not be completely secure. Here are a few things to consider before setting up the router.
Update your router with new firmware and keep it up to date
Updating your router’s firmware is an important security measure to help protect your router against the latest threats. Most modern routers allow you to enable notifications to prompt you when the manufacturer makes patches and updates to the router’s firmware available. Some manufacturers may even push the update automatically to your hardware, so you don’t have to do anything. However, there are some routers that have updates within the settings option. In this case, the user has to make sure that the firmware is manually updated regularly.
Change your login credentials and router password
Traditional routers come with a default password created by the manufacturer. While it may look complex and resistant to hacking, there is a good chance most models of the same router share the same password. These passwords are often easy to trace or find on the internet.
Make sure you change the password of your router during setup. Choose a complex alphanumerical password with multiple characters. If possible, change the username of your network, too. After all, it makes up half of the log-in credentials.
Always use WPA2 to secure your wireless network
Wi-Fi Protected Access 2, better known as WPA2, is a commonly used network security technology used on wireless routers.
It is one of the most secure encryption options available in the market since 2006. WPA2 scrambles the traffic going in and out of the router. That means even if someone is within range and can see traffic, all they see is the encrypted version.
Wi-Fi Protected Setup (WPS) was created with the intention of making the user experience easier and quicker when connecting new devices to the network. It works on the idea that you press a button on the router and a button on the device. This makes both devices pair automatically.
The user has the option to use a personal identification number, or PIN, to setup the device to create a connection. This eliminates the use of the 16-character WPA password that most routers use.
However, because of the PIN, WPS earned a bad reputation for being insecure. The PIN is an eight-digit number that can easily be hacked by repeatedly using various combinations of the usernames and passwords. This is carried out with the help of software. This kind of an attack is called a brute force attack.
Most routers allow users to disable WPS. Even if the PIN option appears to be disabled, it is wise to disable WPS. In recent years, it was discovered that many routers from reputed manufacturers allowed PIN-based authentication even when it appeared to be disabled.
Schedule your wireless network’s online schedule
If you don’t use internet-connected devices like smart coffee makers and smart refrigerators, then scheduling your wireless network’s online schedule may work for you. It helps to disable the internet when it is not in use. A disabled network won’t show up in hacker’s list.
Get rid of any risky or unverified services
It would be wise to disable remote access to your router when you are actively connected to it.
Take UPnP, for example. Universal Plug and Play or UPnP is an easy way to allow devices to find other devices on your network. It can also alter the router to allow devices from other networks to access your device. However, it has helped hackers to introduce malware and viruses by making them bypass the firewall. Mirai Botnet is an example of one such attack.
Setup a guest network for smart home devices
A guest network has its advantages. It not only provides your guests with a unique SSID and password, but it also restricts outsiders from accessing your primary network where your connected devices work.
Once you have set up a guest network, you will not have to share your primary network password with your guests. They will be unable to access your Internet of Things-enabled devices or infect your network and devices with malware or viruses that may be on their devices.
Other router security helpers
Aside from your router settings and making sure to use your Wi-Fi network’s security features, there are some other options, like using a virtual private network, in addition to device security and identity theft protection in the form of all-in-one protection like the NEW Norton 360 with LifeLock.
Use a virtual private network or VPN
A virtual private network (VPN) encrypts connections between devices, creating online privacy and anonymity. A VPN can mask your internet protocol (IP) address so your online actions are virtually untraceable. VPN services establish secure and encrypted connections to provide greater privacy of the data you send and receive, even on secured Wi-Fi hotspots.
Always use a firewall
A firewall monitors incoming and outgoing network traffic and allows or blocks specific traffic. It is an important security feature to look for when selecting a router. For the online safety of your network and devices, it’s smart to never disable a firewall.
Install and use a strong antivirus and security software
Setting up security for your wireless network doesn’t take much time at all and will do much to help protect you against hackers. Cybercriminals work tirelessly to gain access to your personal and financial information. A small investment in security software could go a long way.
Even if you don’t have neighbors you want to prevent from borrowing your Wi-Fi, you’ll be protecting yourself from more dangerous snoops. Especially now that so many homes are connected and various devices are using Wi-Fi, you’ll be wise to protect all of the information those devices contain. Don’t take chances. Just a few minutes of selecting the right home Wi-Fi router settings can mean all the difference to your connected world.
Don’t wait until a threat strikes.
Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.
Enjoy peace of mind on every device you use with Norton Security Premium.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.