Header Ads

Router and home network security/ WiFi Security

Internet connection has become a growing basic need of any individual.
Today it can very clearly be seen a person cal survive without Food for more then 7 days, whereas when compared to internet connection it goes impossible to stay even few hours.

This growing need of Internet has flooded the air with WiFi connections.
Today its very easy to find a wifi connection specially in India.
With our research even in Rural areas across India we have found existence of  6 WiFi on average between the radius of 80 m. Most of which are supposed to be home network.

No doubt today leading companies like:

  • BSNL
  • MTNL
  • ACT Indescribable.
have made it easier to get home networks at good available rates.

But these growing home networks have led to a worry of connection being hacked.

We have observed today a large number of people searching for the ways to hack WiFi.

On average 5 out of 20 people surfing internet search for WiFi Hacking.
where as 1 out of every 40 people read about Securing Networks.

Ethical Hackers Club Again warns Your Intelligence is your only protection.


Lets go ahead and learn about WiFi And Router Security.

Picking a Router

        The first step towards a secure router is choosing a router.

Many people use the device given them by their Internet Service Provider (ISP) which I think is a bad idea for a number of reasons.

The next decision is buying a consumer router or a business class device. Don't buy a consumer router. 
I am not alone in pointing out the sad state of router software/firmware.

Routers We Recommend:

Secure Router Configuration

When complete, this site will list dozens of tweaks to make a router more secure. But, at the least, make these changes:
  1. Change the password used to access the router. Anything but the default is OK.
  2. Turn off WPS
  3. Wi-Fi security should be WPA2 with AES (do not use TKIP)
  4. The Wi-Fi passwords need to be long enough to stall brute force attacks. Opinions on the minimum length differ, my best guess is that 14 characters should be sufficient. A totally random password is not necessary, "999@shivmandir" is both long enough and easy to remember.
  5. Turn off Remote Administration (its probably off already)
  6. If any of your Wi-Fi networks (a router can create more than one) use the default name (a.k.a. SSID) then change it. Also, if they use a name that makes it obvious that the network belongs to you, then change it.
  7. Test the firewall in the router at Steve Gibson's ShieldsUP! site. Start with the Common Ports test but also do the All Service Ports test. Finally, do the Instant UPnP Exposure Test (orange button).
  8. Use a Guest Network whenever possible. Any computer running Windows 10 should never be allowed on the main network, always restrict them to a Guest Network.
  9. For extra credit, turn off UPnP. If it breaks something, and port forwarding is beyond your ability, then you have a choice to make.
  10. For more credit, turn off wireless networks when not in use. Some routers let you schedule this, others have a Wi-Fi on/off button. If the router has an iOS or Android app, the app may be able to do this. Many routers, however, will require logging in to their web interfaces. Make a browser bookmark for this.
  11. Periodically update the firmware and eat your vegetables

Secure Router Configuration in Detail 

New Router Initial Setup

Every set of instructions I have seen from a router manufacturer says to start the new router setup by plugging the router into the Internet. I disagree.
While a new router needs to be online to get bug fixes (a.k.a. updated firmware) I would first make the changes below while off-line*.
  • Change the default router password
  • Change the default WiFi password(s)
  • Change the default WiFi network name(s)
  • Turn off WPS
You may even want to turn off WiFi altogether.
I would not make all the changes suggested elsewhere on this site however, because new firmware may modify or wipe them out.
Even after changing these default values, I would still not put the router directly on the Internet. It is safer to plug it into a LAN port on an existing router. This puts a firewall in front of the new router, yet still lets it download updated firmware (the operating system in the router is referred to as firmware).
This plan has one potential problem however: IP address conflicts. If the existing router is, for example, and the new router also defaults to the same IP address, bad things will happen if the new router is plugged into the old one. The easy solution is put the new router directly on the Internet. The better solution is to change the default IP address of the new router, something that should be done anyway.
I have had bad experiences with routers finding the latest firmware. If your router can do so, fine, let it self-update to the latest firmware it can find. Be aware, that this may be done in steps. That is, a router that shipped with firmware version 5, may update to version 6, then version 7, then version 8. It may not be able to update directly from version 5 to 8.
When the router says it has the latest firmware, I would not believe it. I suggest going to the website of the company that made the router and manually searching for the latest firmware.
After the firmware is brought up to date, take the router off-line and make the changes suggested elsewhere on this site.
My experience has been that it is faster, easier and more reliable to make these changes from an Ethernet connected computer (plugged into one of the LAN ports) rather than WiFi.

  1. Setting a good router password (not WiFi password) is almost always the best first step for both new and existing routers
  2. Selecting a unpopular range of IP Addresses helps prevent many router attacks
  3. Don't let DHCP give out the full range of available IP addresses. Reserve some for static assignment.
  4. Turning off features you are not using reduces the attack surface 
  5. Be smart about choosing an SSID/network name 
  6. There is more to encryption than just choosing WPA2
  7. Of course, upgrade the firmware
When you are all done making configuration changes to a router, it is a good idea to back them up. Routers normally can export a file with the current settings. On a Pepwave Surf SOHO router, go to the System section, click on Configuration, then click the Download button to Download Active Configurations. With a TP-LINK Archer C8, go to the Advanced tab, click on System Tools, then on Backup and Restore, then the Backup button. 

Facing Problems with Home network Configuration, Securing connection, Confused with Setting up your router feel free to contact us and get solutions from us.

We are Happy to help.

No comments

Powered by Blogger.