/>
X
Home Home & Office Networking

How to lock down an insecure wireless network router

Your home router is vulnerable to attacks as soon as you take it out of the box. Here are a number of ways you can secure your home wireless network.
zack-whittaker-hs2016-rtsquare-1.jpg
By Zack Whittaker, Writer-editor on
secure-router-1a.png
1 of 11 ZDNet/CBS Interactive

Don't use the default login information

It's nearly always possible to find a router's default username and password online, depending on the brand and model. This means you can connect to the network, or tap into the router settings and lock out anyone from the network — even the owners. Worse still, hackers could monitor the traffic going in and out of the router, such as passwords and credit card information.

Change the default settings at the earliest opportunity with a strong username (if possible) and password.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
secure-router-2b.png
2 of 11 ZDNet/CBS Interactive

Set the wifi security to WPA2

WPA2 isn't perfect, but it's the best solution outside of the enterprise. It allows you to set a strong password — with letters, numbers, and other characters — that can be near-uncrackable to attackers. The stronger the password, the harder it is for anyone to jump on your wi-fi network.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
upload-router.jpg
3 of 11 ZDNet/CBS Interactive

Set a list of 'approved' devices

Every networking device has a MAC address, which uniquely identifies that device. By setting the MAC Address Filter, it means devices with pre-set MAC addresses can join the network — even if a password has been set. This means you can set only your smartphone, notebook, and other devices to the network, and no other device can join — even if they have the correct wifi password.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
secure-router-4d.png
4 of 11 ZDNet/CBS Interactive

Keep your router's firmware up to date

Updating the software for your router on a regular basis squashes known security bugs and vulnerabilities. These patches not only offer fixes, but also periodically you may get new software features that can enhance your network's security. These firmware patches are generally available from the router manufacturer's website.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
secure-router-5e.png
5 of 11 ZDNet/CBS Interactive

Disable remote access, UPnP

Universal Plug-and-Play (UPnP) has been criticized by the security community for allowing bugs and security flaws that can give unauthorized access to networks. Disabling UPnP can mitigate these attacks.

Also, if you have remote access to your router, disable this. It's yet another vector in which attackers can try to gain access to your network. Very few people, unless you're an enterprise network administrator, need remote access to networking devices.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
secure-router-6f.png
6 of 11 ZDNet/CBS Interactive

Disable guest access

Some routers provide guest access. While this function often separates out your home network and your guests who use the temporary access, some hackers have been able to tunnel through the security wall into other parts of the network. If you really want to keep out people who shouldn't be on your network, disable this feature.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
b-2-ssid.jpg
7 of 11 ZDNet/CBS Interactive

Turn your network broadcast (SSID) off

Turning off your network's broadcast name (SSID) can make it harder for hackers or others to gain unauthorized access to your network. The SSID is useful if you're roaming between two or more hotspots. But, if you have just one Wi-Fi router, you don't need to roam, and can turn this off without hassle. Just make sure you remember the SSID so you can plug it in manually.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage

c-3-firewall.jpg
8 of 11 ZDNet/CBS Interactive

Enable router firewall

Your network router can be the first line of defense to your network. You may not think you can be hit with a flood of traffic or a denial-of-service attack, but it can happen. Of course, having a firewall and other internet security on individual devices is helpful as well, but a router firewall can prevent some things from getting in.

At very least, turn on the firewall for both IPv4 (and if you have it, IPv6). If you can filter anonymous requests, also enable this feature.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
d-4-wps.jpg
9 of 11 ZDNet/CBS Interactive

Disable Wi-Fi Protected Setup

Wi-Fi Protected Setup is not secure, despite what you might have heard. A simple way of connecting devices to your network, perhaps, but in reality it's an insecure feature. WPA2 security can be good enough if you're at home. (Enterprises may need a server-based system.) If you have WPA2 or any other password-based security enabled, you may not need to disable Wi-Fi Protected Setup. In many cases, it's one or the other.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
e-5-wireless.jpg
10 of 11 ZDNet/CBS Interactive

Switch to shorter 5GHz band to prevent wide broadcast

Most modern routers have two frequency band settings: 2.4GHz and 5GHz. The latter band is far shorter-ranged than its predecessor, without any significant compromise in network speed or reliability. If you live in a small home, or a populated neighborhood, you can set your router to 5GHz so it covers your home but no further. That alone makes it more secure against unauthorized access.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
f-6-opendns.jpg
11 of 11 ZDNet/CBS Interactive

Switch to OpenDNS for greater protection

OpenDNS offers malware and botnet protection, and Web filtering for home and family users. This helps to prevent hackers or malware getting access to your computers by tricking you into visiting sites that are insecure. You can sign up for OpenDNS on its website. Simply plug in the DNS addresses (there are often two -- one for primary and one for backup) on your router's setup page.

Read more:

  • 13 best privacy tools for staying secure
  • 11 ways Apple could spend its $178 billion in cash
  • CES 2015: Meet this year's best tech
  • CES 2015: Meet the worst tech of the show
  • How to reduce your mobile data usage
Show Comments

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos
Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup
Asian woman working at a desk in front of a computer and calculator

Related Galleries

Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup

8 Photos
Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Drive Electric Day: A dizzying array of EVs in sunny Florida
ca3b4019-26c5-4ce0-a844-5aac39e2c34b.jpg

Related Galleries

Drive Electric Day: A dizzying array of EVs in sunny Florida

16 Photos
Incipio, Kate Spade, and Coach cases for Samsung Galaxy S22 Ultra: hands-on
s22-ultra-incipio-coach-cases-2.jpg

Related Galleries

Incipio, Kate Spade, and Coach cases for Samsung Galaxy S22 Ultra: hands-on

15 Photos
Casetify Impact Crush Galaxy S22 Ultra case hands-on: in pictures
casetify-s22-ultra-3.jpg

Related Galleries

Casetify Impact Crush Galaxy S22 Ultra case hands-on: in pictures

10 Photos