A Suggested Security Setup for a Wireless Home Router
Your wireless router is a wonderful window to the digital world, which grants you the ability to browse around the house with a variety of devices. Keeping a router secure is vital though. You don’t shout out your social security number in a crowded room, but a surprising number of people are willing to do personal browsing on unsecured routers.
Thankfully, it’s actually not that difficult to set up a router’s security. If you’re looking for a good security setup for a router, then you’ll want to keep a few things in mind. You need to have strong passwords, good encryption and you may want to set up a few extra security features if you have time.
Note that if you just need some general help with setting up a router, you can read one of our router setup guides on the topic. We have a guide to Linksys and one for Netgear, and you should be able to find other name brands using our site search.
Good Intel - Know the Threats
It should be helpful to take a look at what threats you will likely face. Your router will need to do two things. It needs to hide your information behind a good shield, and hold out unwanted users from using your wireless connection. Protecting your information shouldn’t really need an explanation. It’s a bad idea to ever let someone spot your passwords.
It’s actually not going to be the end of the world if someone grabs onto your wireless connection. You obviously do not want to just sit on an unsecure router, but it’s not something to be paranoid about. It can be bad, since they’ll use up some of your bandwidth, and people hacking into wireless connections are often using the connection to do illegal actions online, but it can also just be someone with a busted modem.
A Good Gatekeeper - The Password
You really need a strong password. Do not just use your last name, your “usual” password and please do not use “password.” Anyone wishing to modify your router will probably try admin:password first. Do not make it that easy for them. There are lots of little things that you can do to set up a password that looks like nonsense, but is actually perfectly logical to you. A common trick is to come up with a phrase - for example, “Making passwords isn’t that hard, can’t you see” - and then modify it down to a password. So, that one could be Mp1thcys. That’s a simple case of taking things that look like numbers and changing them. So, you now have a password with lower and upper case letters along with numbers. You can do whatever you wish though.
Honestly, it’s not a disaster if you forget your router password, so don’t be afraid to get a tough one. If worse comes to worse, you just have to reset it and setup the router again if you forget your password. If you want the best of both worlds, you can look into something like KeePass. It’s a pretty neat program that will let you make up really tough passwords and save a copy of them behind one single master phrase.
A Really Good Lock - Encryption
You’ll need some good encryption to stay safe too. Your information is flowing across the wireless connection, so you need some way to keep prying eyes away from it. Without getting into the technical side of it, just note that an unencrypted connection can have a third party sit on it. They will then be able to capture the packets and read them. Basic encryption can mix it up and make your browsing unreadable. For a slightly deeper look at wireless hacking, check the link.
As a general rule, you just need to get the strongest encryption offered by your router. You may be limited by older hardware, so just try out different settings and accept the highest that you can. I actually think it’s best to just let the system come up with a key for you after you pick your level of encryption. You can always log back in (as long as you remember your admin password) and look it up if you forget it.
Note, that WEP appears to have been cracked. Basically, it looks like anyone sufficiently motivated can use a few cracking tools to just do it for them. The only limit is time and their ability to stay within range long enough to get something good. There are rumors of other forms being cracked, but it isn’t as simple (and realistically, it’s unlikely that you ever have to deal with skilled enough hackers to do something like that).
Regardless, use the best that you can. The more advanced versions of WPA are quite good and should be fine for the average user.
Odds and Ends - SSID and MAC Filtering
I’ll also go ahead and address a few of the common security suggestions that I see.
First, a number of websites will suggest that you turn off your SSID from broadcasting. That’s a completely worthless step. Basic software is able to spot “hidden” SSIDs, so all this will do is frustrate you.
MAC address filtering is a bit less clear. Theoretically it’s pretty nice. Each computer or device you have has a unique MAC address. You can try to connect, and then approve these devices on a special whitelist. This makes it impossible for others to connect, even if they figure out the password…in theory. In practice, the type of person who knows how to crack a wireless connection will also know how to change their MAC address to one of the approved ones. It’s not much of an inconvenience, so it’s up to you. It gives you a lot of control without too much hassle, but don’t assume that it’s a security powerhouse.
Source: Author’s own experience
Screenshot provided by Author