This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life. This post shares some insight on how to secure your network.
When we talk about a network, we mean the way you connect to the internet. For most of us, this means via WiFi.
There are a few security issues to be aware of. If someone is able to eavesdrop on your network traffic, they can grab information like your website administrator credentials. This kind of hack is known as a man-in-the-middle attack. Unauthorized devices connected to your network can drain your download speeds. We have also written in the past about home routers being used as part of a botnet. Taking steps to make these vulnerabilities difficult to exploit helps ensure the security and performance of your internet communication.
Regardless of the Internet Service Provider (ISP) you use, all traffic coming and going from your router should be locked down. This post will just cover the basics for setting up your home or office network.
Accessing Router Admin Panel
Take a look at your WiFi router and you might find the default gateway and login to access your router’s configuration panel.
Look for the following information:
- The admin settings login IP address
- Your default admin username.
- Your default admin password.
Model number and configuration login are usually listed on the router. If the information isn’t listed on your router, you have a few options. If your ISP gave you the router, you can call their support line and have a technician walk you through the process. If you purchased the router, you should be able to find the model number on the router and look up the information on the manufacturer’s website.
Visit the IP address in your browser and you’ll be directed to the router admin panel. This page is only accessible when you are using the router’s WiFi network. The rest of this section focuses on settings and configurations that may be available depending on the router you use.
Change Router Admin Password
To change your router administration password, look for the Advanced or Security settings for an option related to your admin password.
Make sure you use a strong password and add it to your password manager. For more information, check out our first post in this series about online account security.
Network Name and Password
If you are not using the default WiFi network name already, make sure you select one that doesn’t personally identify you, or draw attention from hackers. This is especially relevant in apartments or condos where you can see a long list of the WiFi names in the area.
You can use the same admin panel to access the settings and update the default password to a stronger one. If you have already done this, I would recommend changing it every six months or so. You will have to re-enter it on all devices, so keep that in mind, but it’s worth it in the end.
Firmware Update
You should also update the firmware on your router, which you can find in your admin panel. Using the latest version of software ensures you have all available security patches. Many people don’t realize that their router also comes with software, but it’s an important piece.
There are alternative firmware solutions available for routers that we will discuss a bit later.
Use WPA2 Encryption
For router encryption, check to make sure you use WPA2 and not WEP or WPA. On some routers, you have the option to change this in the same router access panel.
WPA2 is the latest WiFi encryption standard, with improvements that include forcing AES algorithms and a number of additional upgrades compared to its predecessor, WPA.
Disable WPS
Make sure you disable WPS (WiFi Protected Setup). This is the button on your router that makes it easier to add new devices to your network, but it isn’t secure.
If you have this option available, make sure it’s disabled in your wireless admin panel.
Use Guest Networks
If your router has an option to add a guest network, I recommend enabling it. This comes in handy if you ever need to allow someone access to your WiFi, but they aren’t familiar with the finer points of proper security. Of course, you can always refuse, but this is sometimes tough to say to friends or family.
Disable UPnP
There will also be a setting in your admin panel for UPnP – Universal Plug and Play. This allows networked devices like computers, printers, and devices to discover each other on the same network. This can introduce security risks, and should be disabled if the option is available.
Additionally, any feature that allows for remote administration of your network should be disabled.
Limiting Access When Away
Most routers come with an option to effectively “shut down” the network for a certain time period during the day. It isn’t convenient to change this frequently, but if you know a certain day of the week or time period when no one will be using the network, you may be able to use this option effectively. Whenever I leave on a trip, I just unplug my router.
Most routers also have an option to check the active devices connected to the network in the router admin settings. If you don’t recognize a device, you can do some investigation. Keep in mind that with the Internet of Things (IoT), we have a lot more devices using WiFi than you might realize. Remember all of the baby monitors, alarms, door bell openers, and other possible devices that could be connected to your network that you may not have thought of ruling out. If you still don’t recognize a device, it’s possible your network has already been compromised and you can react accordingly.
DNS and Parental Controls
Something you may consider doing is implementing OpenDNS on your router. This way, all traffic from your network uses specific DNS servers which allow you to configure settings. For example, with OpenDNS, you can block certain categories of sites. There are also other security and performance benefits to using it as well.
For those that have kids, it can be very useful to block access at the router level. Most routers come with the option of enabling specific parental controls.
Additional Considerations
Two often recommended security options are to hide your SSID (network name) or to restrict the allowed MAC addresses to your approved devices. However, both of these procedures can easily be defeated with modern hacking tools, and mostly offer security through obscurity. I don’t think they are worth the hassle, but everyone is free to choose their own balance of risk versus security.
If the option exists, enable logging so that if anything suspicious happens, you have logs to help you find out what is going on.
Conclusion
You can go even further by upgrading the firmware on your router (DD-WRT or Tomato) or configuring additional network hardware and settings.
While we covered personal networks in this post, it goes without saying that using WiFi networks that aren’t under your control can be dangerous and you should be extremely cautious when doing so. There are a lot of options that can secure your traffic when using public WiFi, and we will cover some of these in a future post.
If you need help with your WiFi router settings, you may be able to find support articles or contact information through your ISP or router manufacturer. Always use official sources when seeking help with security settings.
What do you do to protect your network? Let us know by tweeting us @SucuriSecurity, or you can also email us at info@sucuri.net.