Tech ramblings and grumblings

Make your home router better and more secure

Most people receive a home router from their ISP (Internet Service Provider) when they purchase a broadband package.

These routers are designed to work out of the box, but aren’t necessarily setup in the best way.

I’ll be walking you through some top tips on how to make your home router work better for you and also how to make it more secure to prevent cyber attacks.

This guide assumes you are already logged in to your router’s admin panel (usually by visiting your router’s IP address in a browser e.g. 192.168.1.1, 192.168.0.1, 192.168.1.254 or could be something else).

Change the router admin panel password

Most routers come with a default admin password (sometimes on a sticker on the back of the router or on a little card).

This is likely a string of random characters like “ABC123DEF” or worse, just “admin” or “password”.

You should change this password immediately to something more secure that only you would know. Something like 3 memorable words separated with a dash/hypen “-” e.g. “apple-stone-potato”. A good website to check your password strength is howsecureismypassword.net.

If there is an option to change the username, that is always good to change as well, since it is likely to be “admin” by default, which makes it easier for hackers to guess.

Change the default SSID and password

Most routers come with a default SSID and password to connect.

This is likely in the format of the ISP name followed by a few random characters like “BT-ABC123” or “SKY-DEF456”.

The password is usually a string of random characters too like “abc123DEF456”.

Both of these are hard to identify, hard to remember (sometimes the routers come with a sticker or card with these credentials on, but it easy to lose) and hard to give out to your guests when you want to share your WiFi with them.

I’d recommend changing the SSID to something that you would remember, but not something that would easily identify you or your home, as that would make you a bigger target.

Also change the default password to something you will remember, but again, make sure it is secure and different from the router’s admin panel password this time.

Turn off Smart Setup (mainly BT routers)

For some reason, most BT routers have a default setting enabled called “Smart Setup”, which sounds good but it really isn’t.

Every time a device connects to the WiFi, an annoying webpage pops up and prompts you to download some software.

This is not needed and is very annoying, so you can safely switch this off to avoid annoying other users on your WiFi network.

Turn off WPS (WiFi Protected Setup)

WPS is a feature that allows devices to connect to your WiFi network without using a password by pressing a button on the router while the device is asking for the password or entering an 8 digit number instead of the password.

This feature is enabled by default and while it sounds good, the 8 digit key can now be brute-forced by hackers.

Therefore, it is considered a security risk and should be turned off.

Split the 2.4 GHz and 5 GHz wireless bands

Most routers share the same SSID for both the 2.4 GHz and 5 GHz bands.

For those who won’t know, the 2.4 GHz band is supported by all devices that have WiFi and is not as fast, but it better for longer range, where the router is further away from the device connecting. The 5 GHz band is only supported by newer, modern devices and allows for a faster speed, but is not good for longer range.

Based on this knowledge, it would be better to separate the 2 bands, so you have full control over which band you want your device to be on (if your device supports both).

You can change the SSID’s to reflect this either by adding the number “5” or “5GHz” after the SSID on the 5 GHz band or by adding the phrase “Range” to the 2.4 GHz band SSID and adding the phrase “Speed” to the 5 GHz band SSID, which clearly communicates the difference.

E.g. if your SSID is “MyNetwork” you can call the 5 GHz band SSID “MyNetwork-5” or “MyNetwork-Speed” and the 2.4 GHz band SSID “MyNetwork” or “MyNetwork-Range” respectively.

Turn off Remote Management

For some reason, some routers have a feature called “Remote Management” turned on by default.

What this means is you can access your home router’s admin panel from your public IP address.

This may be good if you rent out your property and want to keep an eye on the WiFi network, but this also allows anyone to find your home router’s admin panel on the open Internet!

This can be considered a huge security risk and unless you know for sure you want this feature, you should turn it off to increase security.

Turn off UPnP (Universal Plug and Play)

UPnP is a protocol designed to help devices communicate with one another, but is not designed for devices with Internet access, as there are no identification checks made.

Therefore, this feature can be considered a security risk and you should turn it off unless you’re 100% sure you need it for your devices to operate.

Keep an eye on your port forwarding rules

Your router comes with a built-in firewall that says what is and isn’t allowed to access your internal network.

One area of that firewall you’re allowed to control is port-forwarding.

Ports allow you to use multiple services on 1 IP address or a singular device e.g. port 80 usually being a web server, port 3306 usually being a MySQL database port etc…

Port forwarding allows you to access a particular port on a device on your network via your public IP address on the Internet.

As you can imagine, allowing the open Internet to access ports on a device on your local network can sometimes present a security risk, which is why you should make sure you know what ports are being forwarded.

If a hacker gains access to your home router admin panel e.g. through Remote Management (an example of why you should turn that off), they could create port forwarding rules to gain further access to your internal network, such as your devices.

I hope this guide has been useful and given an insight into how you can protect you and your family, just by making a few changes to your router’s settings.

Stay safe out there!

«