If you’re reading this article, there’s a good chance that you’re accessing the Internet from a WiFi home router. Maybe you are also not the only one with access to this router. The other people in your home, like your family members, will also probably know your WiFi password.
Perhaps some other people as well. You might have given the password to a friend or a relative visiting one weekend that needed to get online.
But those are just the people that you know you’ve given the password to. There are also plenty of those that might breach your home wireless network without your knowing about it.
In this article, we’ll talk about those people and how to secure your WiFi network home from them.
- Limit the Number of People That Know Your Wifi Password
Okay, who you have given your WiFi password to so far?
Your family members, probably, and that’s okay. Your spouse might also need the Internet for their work and your children should also have access to it.
But have you given it to a visiting relative, a friend, or worse yet a complete stranger like a salesman? Don’t. Their employer should have given them a data plan in case they need to access the Internet and not use the client’s.
You are not responsible for providing Internet access to everyone, so if they ask for your password, say “sorry, I can’t give you that”.
- Make a Stronger Password
When you first get the WiFi router from the ISP it comes with a stock username and password. It’s a good idea to change that into something that only you will know (well, and the people you tell).
Where people err here is that they use passwords that are way too easy like “12345678” or “qwerty” or similar.
The reason for this is that they don’t want to forget the WiFi password. If that happens, they won’t be able to access the Internet (and that’s bad).
However, passwords like these are notoriously easy to figure out so, in order to secure a home network, you should think of (or generate using a password generator) a stronger password.
- Change Your Password
Most people change their WiFi router password just once and then leave it be.
When in fact you should change it pretty regularly if you want to secure your WiFi network home.
How often should you do this?
There’s no hard rule, but give it a little changeroo every 3-6 months at least.
- Change Your Network Name
Your router manufacturer has likely named your home network something non-descriptive as TC-g4RS. That’s just to make their life easier.
But since they often put their brand name or router model in the SSID, which is what identifies the network, this also makes it easier for hackers to figure it out.
Because of this, you should change your home network name into something that won’t give away what router brand or model you are using.
However, when you’re choosing another name, be sure not to use anything that might identify you directly or indirectly as the “owner” of the router and instead go non-descript.
- Change the Admin Credentials
Accessing the router admin credentials is different from connecting to your home network. This gives you the power to change your network configuration and is something you should be familiar with.
How do you access the router admin credentials?
It’s actually quite easy and all you need to know is the username and password for your given router model.
Unfortunately, this information is easy to get by googling the router model or by going to a website like Router Passwords and finding your manufacturer and model there.
What’s worse, most manufacturers set up the username and password to be something like “user/user” or “admin/admin”, giving this easy access to the admin credentials to anyone including hackers.
You should make sure to change the admin username and password as soon as you can to avoid a potential hacker (or someone with a vendetta over you) messing with your router and lock you out.
To access your router admin page, you need to know its IP address. This is different from your public IP.
To find your router’s IP:
On Windows:
- Open “Control Panel
- Go to “Network and Internet”
- Click “View network status and tasks”
- Click the name of your network connection in the upper-right corner of “Network and Sharing Center”
- Click “Details” in the “Ethernet Status”
- Find the “IPv4 Default Gateway” in the Network Connection Details”. That’s your router IP.
Another way is to use the Command Prompt:
- Press the Windows button + X
- Click “Command Prompt” or “Command Prompt (Admin)”
- In it, type ipconfig
- This will open a window like this where you can find therouter IP address under “Default Gateway”:
On Mac:
- Click the Apple icon in the top-left corner of your screen
- From the drop-down menu, select “System Preferences”
- Open the “TCP/IP” tab
- You’ll find your router IP there next to “Router”
Okay, now that you know your router’s IP, enter it into your web search bar.
This will open the login page for it:
Enter your router username/password to open the admin page and change it from here to something only you will know.
It will probably be something like admin/password, but if you changed it at any point and forgot, do a hard reset by holding the Reset button on your router for about 10 seconds. This will allow you to use the default login, but will also reset the WiFi network username/password.
6. Get a Stronger WiFi Encryption
There are three types of WiFi protection system used for secure network transmissions:
- WEP (Wired Equivalent Privacy)
- WPA (WiFi Protected Access)
- WPA2 (WiFi Protected Access 2)
Be sure that you are using the 3rd one, WPA2 and also that you are using the WPA2 AES, which uses AES encryption to protect your transmissions from cracking.
7. Filter MAC Address
That’s MAC as in “Media Access Controller” and has nothing to do with macOS. This identifies the network card on the Internet and your device will have a unique MAC address and is usually something along the lines of 2b:11:ec:9f:0a:cd
If you go to the router admin console, you’ll see “MAC filtering”. From here, you can allow or deny devices on your home network. This can be very useful if you need to stop your neighbors from stealing your network all the time, or to thwart a hacker armed with a wireless packet sniffer.
8. Hide the Network
Another way to secure remote access to the home network is to hide it or, more precisely, stop broadcasting your device’s SSID.
If a device already has a stored connection to the device, it will still be able to connect even after this, but for those that don’t, it will show as a “hidden network” and will be impossible to connect to without knowing the name.
9. Limit WPS
We already mentioned WPS. Using this. A new device can recognize the network and connect to your router fast. For instance, you can use this to connect a game console.
This creates a potential security problem in that a hacker could crack the WPS 8-digit code.
Most routers have a WPS button. Pressing it sends a signal to add a device to your network and gives it login credentials. In most situations, it’s better to avoid WPS code and instead use the WPS button.
10. Turn on the Router’s Firewall
If you haven’t yet turned on the router firewall, do so better secure your WiFi network home. You can do this from the router console settings, or by visiting the manufacturer’s support page on their website and searching “firewall” for any information about it.
This way you can block unwanted traffic before it reaches the end devices.
11. Avoid Plug & Play
This is what puts the “smart” into “smart home”. Universal Plug and Play, or UPnP allows devices in a home network to access the Internet to communicate with the manufacturer for necessary updates and to communicate with each other using HTTP, SOAP and XML protocols.
Of course, the UPnP system and the devices on it require the router to discover the network. The problem here lies in the lazy habit that most manufacturers have to use the same (usually weak) password across devices.
This is a serious security vulnerability.
What is worse is that this security flaw in UPnP was known practically from the start (about 12-13 years ago) and with little to no answer. For instance, in 2020, researchers from Turkey discovered an exploit called CallStranger that can force the Internet of things (IoT) devices to partake in a distributed denial of service (DDoS) attack.
Once the UPnP does its thing, set the device up, be sure to turn it off to avoid this problem.
12. Keep Your Portable Devices Especially Healthy
All devices that connect to your router and the Internet are in one way or another vulnerable to hacking. However, those devices that you can take out of your home (are portable) like laptops, cell phones, tablets… are even more so since you will often connect them to different networks, as well as access the Internet from public places.
Once you infect a device in a different network than your home network and then bring it home, the infection will likely spread to other devices in the network. So make sure those portable devices are healthy and protected from malware at all times and, of course, avoid suspicious networks.
13. Going Away? Turn the Network off
If you’re going away for a long period of time, say a couple of weeks, you should turn off the router and the network.
After all, you won’t be using it during this time and why run the risk of hackers gaining access while you’re not there?
14. Get a New Router
Finally, if you have an older router, you might want to consider exchanging it for a new one. You can either buy one yourself or ask the Internet Service Provider (ISP) to send you (and install you) a new one. Just make sure to change the passwords after them.
Older routers often don’t have some of the features that we mentioned (like WPA2) so they’ll constantly be vulnerable, plus a newer router will likely be faster as well, so it’s a win-win.
How to secure a WiFi network at home?To secure a home WiFi network be sure to:
- Reduce how many people know your WiFi password
- Change your ISP-provided WiFi password and make it stronger
- Change the network name
- Change admin credentials for your router
- Use a stronger WiFi network encryption (WPA2 AES instead of WPA)
- Filter MAC addresses
- Hide your network
- Limit WPS
- Turn on the firewall
- Turn off plug & play
- Make sure that the devices on the network are healthy (especially those you connect to other networks and bring back home)
- Turn the router and the network off when going away for a longer period of time
How to secure home network router?To secure your home network router keep the firmware up-to-date. This will ensure that your device is safe from the latest (at least known) bugs and is protected from security exploits.
Additionally, you should also change your WiFi password fairly regularly (change it as soon as you get the router from the ISP) and also change the admin credentials (most routers have a default username and password that hackers will know).
Finally, turn off things like WPS, UPnP and remote access.
How do I secure my home network against zombie attacks?The most important thing or device to protect in your home network is the router, of course. This is what all other devices in the network will connect to and if the router’s security is weak, there’s no hope for other devices.
What you should do is change the admin credentials and the WiFi network name and password as soon as possible and turn off things like UPnP, as well as use stronger network encryption.
Also, if you are using an older router, buy a new one or ask the ISP to provide you one.
Conclusion
Your home network will always be vulnerable to attacks from hackers, not the least because of the weak default passwords that the router manufacturer or the ISP will provide you with.
Because of this, it’s necessary to go a step further to set up a secure home network with these 14 steps.