Do you want to become a router technician for a day? Do you want to give the benefits of privacy and security to your whole family in a few simple clicks? Boy, do I have the article for you.
Today, we will be covering how to make your router more private and secure in 11 simple steps. So, let’s get right into it!
⚠️Disclaimer: Please note that we won't cover the specific locations for these settings in this guide, as router admin interfaces can differ significantly between various router models. You can find numerous online resources that provide instructions on how to access the settings you require for your particular router model.
Step 0: Research before buying
Start your security journey by researching reputable router manufacturers and specific router models known for their security features. Look for routers that offer advanced security features such as automatic firmware updates, strong encryption options, and built-in firewalls. If you don’t have at least two of these features, it might be time for an upgrade.
Check if the router manufacturer provides regular firmware updates. Security patches and bug fixes are essential to address vulnerabilities that could be exploited by hackers. Read user reviews and seek expert opinions on routers you're interested in (you can also read our lovely posts :) ). Online forums, technology websites, and customer feedback can provide valuable insights into the reliability and security of different router models.
Some advanced users opt for routers that support open-source firmware like OpenWRT, DD-WRT or OPNsense. These firmware options often have strong security features and receive frequent updates, though they may require more technical expertise to set up (we believe in you though, you got this :) )
Step 1: Physical Security
Set up your router in a secure location to prevent physical tampering. You wouldn’t want your cat to knock it over for the third time this week, or a hacker to have a party on your precious bandwidth.
Place your router in an elevated position, such as on a shelf or wall mount, to keep it out of the reach of cats and prevent accidental interference from paws. If possible, keep the router in a locked room or cabinet. This adds an extra layer of security and prevents casual access, curious cats included. Ensure the router has adequate ventilation, as it can generate heat during operation. Organize and secure the cables connected to your router to prevent accidental disconnection or tampering.
Step 2: Change Default Admin Password
Most people don’t realize that routers have an admin panel, which is used to configure router settings. But you’re different aren’t you? Kudos to you for educating yourself about router security!
Consumer routers usually come with a default admin password which is very insecure and easy-to-guess (spoiler: it’s usually “admin”). If a malicious entity gains access to your admin panel, he can wreak havoc over your network configuration, or even forward all your network queries to one of his devices for exploitation. Not fun!
Log in to your router's admin panel (usually done through a web browser by typing in the router's IP address) and change the default username and password. Use a strong, unique password that combines letters, numbers, and symbols.
If you need help with passwords, here’s our guides on choosing a good one:
Step 3: Check for Router Firmware Updates
Like any software, router firmware may have vulnerabilities that could be exploited by attackers. Manufacturers release firmware updates to patch these vulnerabilities and strengthen your router's security.
Keep your router's firmware up to date to patch any security vulnerabilities. Check the manufacturer's website or your router's settings for firmware updates. Avoid downloading firmware updates from untrusted sources.
Enable automatic updates, if available. Save yourself some precious minutes you can spend doing things that matter, like hydrating or making a to-do list that won’t be completed on time.
Step 4: Use Strong Encryption
WPA3 is the latest and most secure Wi-Fi encryption protocol to date. It was developed to address vulnerabilities present in its predecessor, WPA2. We hope you’re becoming a better version of yourself too :). However, WPA2 has been widely used and accepted as a secure encryption protocol for many years. If your router does not support WPA3, WPA2 is still a reliable choice. WEP is no longer recommended for use and should be avoided at all costs. Even if it's the only option available on your older devices, it's better to upgrade the device or the router's security features.
Use WPA3 or WPA2 (if WPA3 is not supported) for your Wi-Fi encryption. Avoid using WEP, as it's less secure.
Your router just thanked you for changing this setting, and so did your devices. Your lonely hacker, however, is as sad as a lost puppy.
Step 5: Change the Network Name (SSID)
You might have thought about changing your own name. Maybe you found the name “Joe” boring and un-cool, or you needed a break from constantly being yourself. Routers have fantasies about that too you know?
Default SSIDs, often provided by the router manufacturer, are widely known and recognizable. Using these defaults can attract unwanted attention from attackers looking for easy targets.
While it's not a primary security measure, avoiding easily identifiable SSIDs adds a layer of "security through obscurity" [1]. It makes it slightly more challenging for potential attackers to identify your network as a target.
Don't use a default or easily identifiable SSID. Choose a unique name that doesn't reveal personal information, like Purple056. Your router just got a whole lot cooler ;)
Step 6: Configure Firewall Settings
Firewalls are cool. They examine incoming and outgoing data packets, checking for signs of malicious or suspicious activity. They can block or allow traffic based on predefined rules, protecting your network from various cyber threats, such as hackers, malware, and intrusion attempts. They can stop potential attacks before they reach your devices. Firewalls also give you control over which types of traffic are allowed to enter or leave your network.
Configure your router's firewall to filter incoming and outgoing traffic according to your threat model, which can help protect your network from malicious connections. You can also start using the word firewall everywhere like they do in the movies, because you’ll really know what you’re talking about after reading this masterclass of a post.
Step 7: Change DNS Servers
Your default DNS provided by your Internet Service Provider (ISP) can track and log your internet usage. Boo! By switching to a more privacy-focused DNS service, you can limit the amount of information that's collected about your online activities.
Some third-party DNS services offer security features, such as protection against phishing sites and malware. They can help safeguard your network from online threats. Keep in mind however that you are shifting your trust from your ISP to your new DNS provider, so choose that carefully.
Something like Quad9 might be your cup of tea if you want a regularly updated pre-determined malware blocklist that’s active on your router. You can set this up once and forget about it, Quad9 will take care of the rest.
If you desire more control over your DNS filters (or you don’t really like tea), as well as access to other security features, you can use a custom DNS provider such as NextDNS or Control D. However, this may require constant micromanagement and might be harder to set up. You might also need to manage your own blocklist and allowlist (trust us, it’s more fun than it sounds).
We have a small guide on changing your DNS provider, which includes instructions for changing your router’s. You can find it [here]
Step 8: Use Two-Factor Authentication (if available)
Even with strong, complex passwords, attackers can employ methods to guess or steal them. 2FA makes it much more difficult for them to gain access, as they would need both your password and the second authentication factor.
Enable 2FA for your router's admin panel if supported, to add an extra layer of security.
Your IT department is jealous of your stellar security practices :)
Step 9: Configure Other Router Settings
Set up a VPN for your Router: [Optional]
You don’t need a VPN to be private and secure online. However in some cases, according to your threat model, you might need to hide your IP address (if you’re a gamer for example) or to access region-restricted content on streaming services and websites that might be blocked or limited in your region.
A router-wide VPN is especially useful if you have a lot of IoT devices [2] connected to your router, as most IoT devices don’t offer an interface to set up VPN connections. A good VPN will ensure that any connection made from these devices is encrypted.
It is important to choose a good, privacy-respecting VPN especially for a sensitive device like a modem.
If you struggle with VPNs, we have guides to help you choose and set up a good VPN. You can find these [here]
MAC Address Filtering:
Enabling MAC (Media Access Control) address filtering is a security feature that allows you to specify which devices can connect to your network based on their unique hardware MAC addresses. You create a list of allowed MAC addresses, and only devices with MAC addresses on the list can join your network.
Consider enabling MAC address filtering to allow only specific devices to connect to your network.
Disable WPS:
WPS is a convenience feature that allows for easier device connection to your Wi-Fi network using a PIN or a physical button. However, it can also be a security vulnerability, as it has known weaknesses that make it susceptible to attacks.
Disable Wi-Fi Protected Setup (WPS) as it can be vulnerable to attacks.
Disable Remote Management:
Remote management of your router enables you to access and configure router settings from outside your local network. While this can be convenient, it also poses a significant security risk if not properly configured.
Disable remote management of your router to prevent unauthorized access over the internet.
UPnP (Universal Plug and Play):
UPnP is a network protocol that allows devices to automatically discover and communicate with each other on a local network. While UPnP can simplify the setup of devices and services, it can also introduce security risks.
Disable UPnP unless you require it for specific applications. UPnP can pose security risks.
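On a router running OpenWrt (one of the open-source firmwares mentioned in Step 0), the encryption, SSID, WPS and UPnP settings from Steps 4, 5 and 9 can be checked from the text that `uci show` prints. This is an added example, not code from the original post or from the OpenWrt project; the sample output is constructed, and the option names (`encryption`, `wps_pushbutton`, `upnpd.config.enabled`) and the list of strong modes are assumptions about a typical OpenWrt install.

```python
import re

# Constructed sample of `uci show wireless` and `uci show upnpd` output.
SAMPLE = """\
wireless.default_radio0=wifi-iface
wireless.default_radio0.mode='ap'
wireless.default_radio0.ssid='OpenWrt'
wireless.default_radio0.encryption='wep'
wireless.default_radio0.wps_pushbutton='1'
wireless.default_radio1=wifi-iface
wireless.default_radio1.mode='ap'
wireless.default_radio1.ssid='Purple056'
wireless.default_radio1.encryption='sae-mixed'
upnpd.config=upnpd
upnpd.config.enabled='1'
"""

# Assumption: UCI encryption values that mean WPA2 or WPA3.
STRONG = {"psk2", "sae", "sae-mixed", "wpa2", "wpa3"}
LINE = re.compile(r"^([^.=]+)\.([^.=]+)\.([^.=]+)='?(.*?)'?$")


def parse_uci(text):
    """Return {(config, section): {option: value}} from `uci show` output."""
    sections = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cfg, sec, opt, val = m.groups()
            sections.setdefault((cfg, sec), {})[opt] = val
    return sections


def audit(text):
    """List settings that contradict the guide's recommendations."""
    findings = []
    for (cfg, sec), opts in sorted(parse_uci(text).items()):
        if cfg == "wireless" and opts.get("mode") == "ap":
            enc = opts.get("encryption", "none").split("+")[0]
            if enc not in STRONG:
                findings.append(f"{sec}: encryption '{enc}' is not WPA2/WPA3")
            if opts.get("wps_pushbutton") == "1":
                findings.append(f"{sec}: WPS push button is enabled")
            if opts.get("ssid") == "OpenWrt":
                findings.append(f"{sec}: SSID is still the default")
        if cfg == "upnpd" and opts.get("enabled") == "1":
            findings.append(f"{sec}: UPnP is enabled")
    return findings
```

Calling `audit(SAMPLE)` returns four findings, all for the first radio and the UPnP daemon; routers with other firmware need their own parser for whatever their settings export looks like.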
DMZ (Demilitarized Zone):
The DMZ feature in a router allows you to place a device outside of your local network, essentially exposing it directly to the internet. While this can be useful for certain scenarios, like hosting a game server, it can also be a significant security risk if not properly configured.
Avoid using the DMZ feature, which exposes a device to the internet. Instead, rely on port forwarding to open specific ports for services.
Privacy Settings:
Modern routers often come with various features that may involve data collection, like cloud services for remote management or remote diagnostics. It's important to review the privacy settings in your router and disable any features that you are uncomfortable with or do not intend to use.
Check for privacy-related settings and disable features that may collect your data.
Wear a Black Hoodie:
You’ll look cool while following our post, you’ll also gain +2 Hacking and +3 Stealth.
Step 10: Backup your Settings
Finally, you’re almost done. Just one last thing to make sure you won’t have to go through this again.
Reconfiguring your router from scratch can be a time-consuming and often confusing process, especially if you've made numerous customizations over time. In the event of a router malfunction, firmware update gone wrong, or a need to reset your router to its factory defaults, a backup of your settings ensures you can quickly restore your network configuration.
Backup your router's settings, so you can easily restore them if needed. Keep this post in mind if you ever need to set up another router in the future. (or if you just like us because of our jokes)
You’ve officially reached the end of this post, and if you’ve been following the steps outlined in this article (which you should), your router will be as secure as a fort. We hope you had some fun digging deep into your Wi-Fi brick. See you soon :)
[1] "Security through obscurity" is a security practice where the protection of a system or data relies on keeping the details of how it's protected a secret. It assumes that if a potential attacker doesn't know how the security measures work, they won't be able to breach the system.
[2] IoT devices are everyday objects, like smart thermostats or fitness trackers, that connect to the internet to collect and share information. For instance, a smart thermostat can be controlled remotely from a phone and adjust your home's temperature, making it more convenient and efficient.