5 security settings to turn on your router before it’s too late
Suppose your house has a top-notch security system. There are locks on all the doors. Security cameras monitor from every angle. No one could get in – except for an open door that you completely forgot about and therefore leads to every room in the house.
Your router is that open door. Few people give much thought to their routers.
Most people are more familiar with Wi-Fi, of course, but many people forget to take steps to secure it. Tap or click here for five easy ways to secure your home’s Wi-Fi.
It’s vital to check your router settings and tweak them for your home network’s security’s sake. Before you do, there is one essential step. Your router may be out-of-date and in need of security and admin updates. Tap or click here to update your router’s firmware.
Next, follow these steps to secure your router. And be sure not to miss the vital bonus last step at the end.
First, access your router’s administration console. This console is where you manage your router’s settings, from password management to firmware updates. You open a web browser and type in the router’s IP address. The IP address is a set of numbers, and the default depends on your router’s manufacturer. The common ones are 192.168.1.1, 192.168.0.1 or 192.168.2.1.
Once you’re on the router administrator page, you should have to enter a username and password to log in. That’s it.
1. The right encryption
Your best defense is strong encryption. If you are required to enter a password to connect to your Wi-Fi, then you already have some encryption enabled on your router. But is it the right kind?
Here are some facts about Wi-Fi encryption:
1. The most widely-used Wi-Fi security protocol right now is still Wi-Fi Protected Access 2 (WPA2) encryption. However, this standard is over a decade old, and it is already susceptible to serious security vulnerabilities like last year’s KRACK attack.
2. Setting up your router’s encryption is easy. Every router has a different menu layout, but you should be able to find encryption under the “Wireless” or “Security” menu.
3. You’ll have many encryption options, but if you still have an older router, you want to select one that starts with “WPA2”. If your router is not WPA 3 compatible, then “WPA2-PSK AES” is your best option right now. However, if you have old Wi-Fi gadgets, you might have to select the hybrid option “WPA2-PSK AES + WPA-PSK TKIP” to get them working.
4. Never choose Open (no security). If it is using WEP, change the security setting immediately. Obviously, an open network will make it easy for someone to steal your Wi-Fi, and the older WEP security is easily hacked, so avoid it at all costs.
5. If the only encryption options your router has are WEP or WPA, tell your router to check for a firmware update.
6. If there’s no firmware update or your router updates but you’re still stuck with WPA or WEP, it’s time to buy a new router. These encryption methods are too unsafe to use, plus it means your router is probably more than 7 years old.
2. Create a guest network
A smart way to protect your more critical personal devices, like your home computers, smartphones, and tablets, from untrusted gadgets is to put them on a separate network that’s different from your main one. You can do this by enabling your router’s “Guest Network” option, a popular feature for most routers.
Guest networks are meant for visitors who might need a Wi-Fi connection, but you don’t want them gaining access to the shared files and devices within your network. This segregation will also work for your smart appliances, and it can shield your main devices from specific Internet-Of-Things attacks.
To avoid confusion with your primary network, set up your guest network with a different network name (SSID) and password. Make sure you set up a strong and super-secure password on your guest network. You still won’t want crooks and strangers mooching off it for security reasons.
Newer routers do this segmentation automatically. With this feature, it allows users to put Internet-of-Things appliances on a separate network, shielding your central computers and other personal gadgets from attacks.
3. Parent’s built-in helpers
To shield your kids from dangerous and age-inappropriate sites and limit the time they can access the internet, most routers have built-in defenses. These include time-based restrictions, content filters, and parental controls.
To enable these filters, visit your router’s administrator page or app again and look for a section called “Parental Controls” or “Access Controls.” Here, you can choose what type of sites to disable access to, set the schedule when the filters are in effect and set curfew hours for gadgets.
You can set filters for specific IP and MAC addresses. The downside of this method is the inconvenience, and it takes a bit of technical skill to pull this off. The good thing about this is that you’ll have a map of your connected gadgets and their corresponding IPs.
To take this a bit further, turn on MAC (Multimedia Access Control) filtering. With MAC filtering on, you can specify which MAC addresses will be allowed to connect to your network at certain times. Note: MAC addresses can usually be found in the gadget’s settings, label or manual. Look for a set of 16 alphanumeric characters. (Here’s an example of what a MAC address will look like: 00:15:96:FF:FE:12:34:56).
4. Use a VPN
With a VPN, your gadget’s IP address is hidden from websites and services that you visit. Web traffic is also encrypted, meaning not even your internet service provider can see your online activity. Think of it as a middleman that provides a tunnel between you and the websites you’re visiting.
To use a VPN service, most people purchase a special type of software, but some newer routers can be configured with VPN capabilities within the router itself. With this method, instead of having each gadget protected by its own VPN service, your router will protect every device that’s connected to it.
Routers with this capability have open source router software support (such as DD-WRT), and they can be configured to use services like OpenVPN.
Currently, there are a variety of open source and OpenVPN capable routers to choose from, but the most popular models are the Linksys AC3200 and the Netgear Nighthawk AC1900.
5. Better protection from hackers
Almost every newer router has built-in firewall protections in place. They might be labeled differently, but look for features under your router’s advanced settings like NAT filtering, port forwarding, port filtering, and services blocking.
With these controls, you can configure and specify your network’s outgoing and incoming data ports and protect it from intrusions. Be careful when tweaking your port settings though, since a wrong port setting can leave your router vulnerable to port scanners, giving hackers an opportunity to slip past.
Bonus Last Important Step
When you’re done, there is one last important step. Make sure that your firewall and ports are secure. You don’t want to hire a white hat hacker. Tap or click here for a free test you can do in minutes.
What digital lifestyle questions do you have? Call my national radio show and click here to find it on your local radio station. You can listen to the Kim Komando Show on your phone, tablet or computer. From buying advice to digital life issues, click here for my free podcasts.
Copyright 2018, WestStar Multimedia Entertainment. All rights reserved.
Learn about all the latest technology on the Kim Komando Show, the nation's largest weekend radio talk show. Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com.