For a better WiFi security, let’s see how to configure the router … Having an open wireless network can be a security risk because it allows anyone nearby (for example, a neighbor) to access the network and potentially even spying on our connection.
The router, that device with antennas and lights that allows us to connect smartphones and computers to the internet without cables and wires (wireless), must therefore be set in order to prevent someone from connecting to our devices, to scrounge the internet connection and even to check what we do on the internet.
The default configurations, those set by the seller default, are not sufficient for the security of the router because, being equal for all, are known and easily overcome.
So let’s see what are the following important settings to be configured on the router for better home WiFi security.
First of all, each router model has its own set of options and a configuration panel that can be different depending on the manufacturer’s or supplier’s brand.
In some cases, when the router is provided by the internet provider (for example from Vodafone) it may also be that the settings are not accessible.
When possible, then the router settings to improve the security of the WiFi network, to have even stronger protection of the network.
1) Password of the WiFi
The best network password to access the WiFi is the WPA2 protocol, which is the most difficult to crack.
We have already explained in detail what it means to secure your home WiFi and protect yourself from network intrusion using a WPA2-PSK access key, compared to WPA and WEP.
Then look for the option to change your network access password in your home network or WLAN settings and set it with numbers and letters to make it not easy to find (do not use first and last names or birth dates).
2) Change password to access the router
If we entered the configuration panel of the router to make changes to the settings, we will certainly be logged in with username and password.
If these have never been changed and have remained pre-defined by the manufacturer (often with the user name Admin or Administrator), it is better to change them in a personal way to prevent someone from getting in touch.
3) Hiding the network (The SSID)
Hiding the network it is possible to make sure that nobody can detect it and then use it.
We have seen how to do this in a specific guide on how to hide the WIFI network by deactivating the SSID.
This setting is certainly very safe, but also inconvenient to use if you use many mobile devices on the network such as mobile phones, TV or Smart Plug.
4) Updating the firmware
The firmware of the router is something that many forget to take care of.
Most people do not check for firmware updates or do so only when they are first started.
Most manufacturers release firmware upgrades by correcting bugs and, above all, by covering security vulnerabilities that have come to light over time.
The update check should be done every 3 months, visiting the manufacturer’s site (Linksys, Asus, Belkin, Netgear, TP-Link, D-Link or others) and downloading the file that will then be loaded from the configuration panel, under the “Firmware Update” entry.
3) Enable, if possible, the https connection in the access to the administration panel.
4) Limit incoming traffic and insecure features
Port forwarding allows you to use some remote computer applications.
If used, you should use a non-standard port for the service you are configuring and filter internet traffic by preventing anonymous connections (if possible).
Also it would be better not to use features like UpnP, like DMZ, like Dynamic DNS.
5) Disable WPS (WiFi Protected Setup), which may be convenient, but which represents the main vulnerability of each router.
7) Activate the event log or LOG
Having the log active and then register all the activities of the router can be useful to analyze any connection problems or suspicious activity.
Also make sure that the clock and time zone are set correctly to have an accurate event log.
8) Guest Network
Set, if possible, a guest (guest) network to connect with friends who come to our house.
This network, always protected with a WPA2 key that is different than the password of the main network, can be limited in traffic, dedicated to accessing the internet who comes to visit us at home and, optionally, can also be excluded from the LAN (therefore does not see the computers connected to the main network).
9) Do not connect external disks or USB sticks to the router if there are important data in it whose contents could be exposed on the network and on the internet.
10) Use an alternative DNS (in DHCP) using, for example, Google DNS servers.
The DNS servers of the network provider may not only be slower but also more vulnerable to external attacks.
11) Change the range of IP addresses released on the network from the router.
As each router uses, by default DHCP, a range of IP addresses such as 192.168.1.x or 192.168.0.x, to avoid automatic attacks from outside you can use a different range such as, for example: 10.xxx, 192.168.xx, from 172.16.xx to 172.31.xx.
12) Deactivate the SID Broadcast and hide the WiFi network.
This prevents those who do not know the WiFi network from finding it with automatic scanning.
13) Activate the MAC filter
This can be inconvenient, but it allows the router to be told that only some specific computers or devices can connect, while the others must be authorized and added from the administration panel.
As seen in the article on what the MAC Address is and how it is used in a network, it is the identifier in the network of every device with WiFi.
The Mac Address filter allows you to allow access to the network only to the identified computers or smartphones, preventing it from all the others.
