How to secure your router
It's a given: even though the majority of people are aware of the huge security risks which arise from utilizing various devices that send and receive data over the Internet, very few people are actually doing something to boost the security of the networks that have these devices as their clients. According to Securelist, over 20% of the Wi-Fi networks in the world are wide open.
When it comes to wireless security, everything begins with the router; if it isn't properly patched, all its clients are vulnerable as well. So, let's see what can be done to secure this often ignored, and yet crucial network component.
Begin by changing the default router user name and password. While most admins will change the default password right away, only a few of them will take the time to change the user name as well. I wouldn't blame them that much for this omission, though, because most router user manuals skip this important step as well. So, be proactive; set up a weird router user name such as "JxcvK433" and use a strong password that has at least 15 characters and mixes upper case and lower case letters, numbers and (if the router allows you to do that) special symbols such as & and #.
Each router utilizes a predefined network name, which is also known as "SSID". Be sure to change it right away, picking a name that doesn't draw people's attention.
Then, disable your router's remote management features. The first one on the list is the UPnP protocol, which may allow other devices to connect to your router without using any form of authentication. It's not a surprise that hackers have used Adobe's Flash vulnerabilities and UPnP-enabled routers to run malicious code on millions of computers worldwide.
"Web Access" features allow your router to be controlled remotely. They may be convenient for some people, but they can also cause a lot of trouble, especially in a business environment. Don't allow the attackers to connect to your router, and then get access to your network by making use of this router feature.
Sometimes it may be a good idea to replace the router altogether. Newer devices will often perform better, providing better features, faster Internet speeds and increased security. Do your research, and then pick a router that is manufactured by a reputable company, which will continue to be in business and (hopefully) patch its products for at least a few more years.
Did you know that websites such as Common Vulnerabilities and Exposures highlight most (if not all) of the publicly known cybersecurity vulnerabilities? This makes it easy to determine if the existing network components, or the ones that you plan to buy in the near future, are vulnerable to cyber threats. You should always take the time to search the web, finding forums that discuss the pros and cons of the devices that you intend to purchase, for example.
Make sure to use a strong password for each network client. WPA2 Enterprise allows you to do that by utilizing an inexpensive, third-party RADIUS server. Passwords should be changed regularly, and you should quickly revoke network access for any company device that is compromised or lost.
It goes without saying that you should keep all the network devices updated. This includes the router, which can often be patched from within its own admin menu, the operating systems, and all the applications. Be very careful with IoT applications; most of them are poorly coded, so they can cause all sorts of problems. Make it a habit to apply all the available patches at least once or twice per month.
When it comes to network security, your router is the key component. To keep your network secure, be sure to set it up properly, and then take the time to keep it up-to-date. You'll need an hour or two to do this, but you will save a lot of trouble.