Securing WIFI Routers

Follow these simple steps to prevent abuse of your WIFI router.

  • Buy a well known brand that uses modern, accepted standards
  • Older or obscure models will be easier for attackers to compromise.

The remaining steps involve configuring the router. To reach its administration page, connect a computer to the router, find that computer's default gateway address, and enter it in the address bar of a web browser. The manufacturer's manual will provide the default credentials.

  • Change all default usernames and passwords
  • Default usernames and passwords are widely known (for legitimate purposes), but attackers use them maliciously.

  • Change SSID
  • This is the name that devices can see, and use to connect to the wireless router. Default SSIDs give away clues that can assist in compromising the router.

  • Use the strongest encryption possible
  • Older encryption protocols, such as WEP, are insecure and have been cracked. At the time of this writing, 128-bit WPA2 is considered secure.

  • Use MAC address filtering
  • Every wifi antenna has a unique identifier called a MAC address. Wireless routers can be set up so that only specified MAC addresses can connect.

  • Check for firmware updates
  • Firmware updates add new features, and patch security holes. Check for updates often.

  • Disable remote administration
  • Make sure that the router administration site is not accessible from the internet, but only within the home network.

  • Disable wireless administration
  • This setting restricts administration to computers that have a wired connection to the router. Physical access is needed to make configuration changes.

  • Reduce range of wireless signal/strategically position
  • Consider these measures when the router is used in a relatively small space. Routers should be placed away from publicly accessible areas. There is also paint that blocks wifi signals, for the paranoid.

  • Configure DHCP
  • DHCP is a protocol that assigns IP addresses to devices. The pool of available addresses should be decreased, in order to limit the number of devices that can connect.

  • Look at attached devices
  • The administration page will have a list of connected devices. This should be checked from time to time to make sure there are no unauthorized devices.
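
The attached-devices check can also be scripted from a computer on the network. The following is an added example, not part of the original page: it compares hardware addresses in Linux `ip neigh show` output against an allowlist of known MAC addresses and marks unknown entries whose MAC is locally administered, which is typical of randomized addresses. The sample output, the allowlist and all function names are constructed for illustration.

```python
import re

# Constructed sample in the format printed by Linux `ip neigh show`.
# All IP and MAC addresses below are made up for this example.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr a4:83:e7:10:20:30 STALE
192.168.1.21 dev wlan0 lladdr 3c:22:fb:aa:bb:cc REACHABLE
192.168.1.37 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.50 dev wlan0  FAILED
"""

# Constructed allowlist, written in the mixed notations found on labels and in OS tools.
ALLOWED = ["00:11:22:33:44:55", "A4-83-E7-10-20-30", "3C22.FBAA.BBCC"]

def normalize_mac(mac):
    """Return lower-case, colon-separated form so differently written MACs compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def parse_neighbors(text):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            yield m.group(1), normalize_mac(m.group(2))

def audit(text, allowed):
    """Return the entries whose MAC address is not on the allowlist."""
    allowed = {normalize_mac(a) for a in allowed}
    return [
        {"ip": ip, "mac": mac, "randomized": is_locally_administered(mac)}
        for ip, mac in parse_neighbors(text)
        if mac not in allowed
    ]

if __name__ == "__main__":
    for d in audit(SAMPLE_NEIGH, ALLOWED):
        note = " (locally administered, possibly randomized)" if d["randomized"] else ""
        print(f"UNKNOWN {d['ip']} {d['mac']}{note}")
```

The neighbor table only lists devices this computer has recently exchanged traffic with, so the router's own attached-devices list remains the authoritative view.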