Threat Research

12 ways to boost your router's security

Lisandro Carmona de Souza, 4 December 2014

12 ways to boost your router's security

hns2aWith the increasing number of network security breaches, we need to improve awareness regarding the security of your home network.


We simply need to follow some rules to control and prevent system penetration and also bandwidth theft (and losing money!). Safeguard your valuable information available through your home wireless connection and do not be easy target for hackers!


Here are 12 ways to boost your router's security:


1. Install your router in a safe place where the wireless signal is available only inside your own house. Avoid placing it near to a window.


2. Turn off WPS, the automated network configuration method that makes your wireless password more vulnerable to hacker attacks.Turn on WPA2 encryption and, if you can, protect it with a strong password.


3. Change the default admin username and password to a strong password. Do not use default passwords because they’re generated from well-known algorithms that makes hacker attacks even easier. Do not use your name, date of birth, home address or any personal information as the password.


4. Upgrade your router firmware to fix known vulnerabilities of the router.


5. Don’t forget to log out after managing the router, avoiding abuse of the authenticated browser sessions.


6. Disable remote management of the router over the internet. In a business environment, if you need this management, it will be safer to use NAT rules allowing SSH or VPN access only.


7. To prevent CSRF attacks, don’t use the default IP ranges. Change the defaults 192.168.1.1 to something different like 10.8.9.7.


8. To prevent ROM-0 abuse of your router (i.e., access to the secret data stored in your router: your ADSL login/password combination and WiFi password), forward port 80 on the router to and non-used IP address on your network. Check how-to here.


9. Set your router DNS servers to automatic mode (or DHCP) or for a static value that you manually set exactly according to your ISP.


10. Disable IPv6 on the router or, if you really need IPv6 services, replace the router with a IPv6 certified one.


11. You can save bandwidth and allow only specific computers or devices to access your WiFi even if they have the security key to enter. Find the computer MAC address (the “physical address” listed with the command line ipconfig/all at a cmd window). Into your router settings, you should look for the Mac filtering settings to add this identifier there.


12. Use a secure VPN in open/public WiFi hotspots. You can read more on how Avast SecureLine can protect PC, Mac and Android devices in these situations. If you cannot avoid using public WiFi, then try not to log in or enter your credentials (specially banking or credit card ones), but also your email and phone number. If you really need it, always prefer the secure protocol HTTPS (check the browser address bar).


Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

Check 4 comments or write your comment

Discussion (4)