How to harden your router to be as secure as possible πŸ”’

Hey everyone, today I am going to show you the best way to fortify your modem against attacks, that may come to steel your information or even connect to your wi-fi.

Ok, so as I like to be as concise as possible so let’s get going. The first thing that you have to do is to connect to your router, to do so go to the command line from Windows or bash from Linux by following these instructions.

  1. Press the windows key + r then type down cmd
Image

2. Now on the new black window that showed up write this command down:

ipconfig
Image

Now copy and paste the IP address of your Default Gateway a.k.a your router (ex:192.168.0.1) . Go to your browser like Google Chrome, Firefox, etc and paste it there, click enter and you will be directed to a login page, if you don’t know the log in or password go to your router and try to find a sticker on it that will explain what is the default log in and password (sometimes the username is admin and the password is going to be your wi-fi password).

3. Every router has a different interface the one that I am going to show to you is from Hitron but the idea is the same almost all routers use the same name for the things that we are going to change on it !!!

Image

4. The first thing that you should do is change the default credentials from your router, for my case I can change it by going to Admin then Management. Changing the default credentials is very important because if a intruder somehow connect to your network he/she can do whatever they want.

Image

5. Now we will verify the wi-fi to see if it is using the right encryption and disable some features not used. In my case it was Wireless then Basic Settings. Verify that under Authentication mode it is using a method called WPA2 and not WEP, they are used for authentication, whenever you connect to your router or Wireless Access Point they are used during the process of logging in. WEP is a old method and easily exploitable which means that a hacker can quickly access your wi-fi even though he/she doesn’t have authorization to. Now find a options that is called WPS (Wi-fi protected setup) and disable it. But wait Wi-fi protected setup sounds like a really good and safe feature to leave on, but that is not the case anymore, after the researcher Stefan ViehbΓΆck revealed that this process can be easily broken and then used to access your wi-fi even without the password here is the article explaining it better . And now for encryption mode select AES (Advanced encryption system) that currently is the most safe system used to encrypt what you are browsing though the wi-fi.

Image

6. Now let’s choose out firewall settings that server as a middle man verifying what goes in and out is secure enough to pass, in my case it was Security then Firewall. For this part it varies a lot how you want to set it, because depending on your needs some Firewalls rules may affect you in the future. My router offers 4 options Maximum, Typical, Minimum, Custom. If you are not sure I would suggest to now touch on anything until you be secure enough to change on your own.

7. For this step let’s close the open doors that are open on our router a.k.a Port Forwarding, which means that they are allowing anyone from the internet to access our router through them. To close them in my case I had to go to Basic then Port Forwarding the number of “doors” may vary but in most cases you can close them all, to make sure that it is close to delete them , make a quick research about what the “door” does and if it is not important go a head and lock it down πŸ˜‰

Image

8. For this step you have the option to change your DNS server which take care of searching for the website that we are looking for, it is not really necessary but it is still a good practice to change it. In my opinion (and the majority in the Cybersecurity community) Cloudflare DNS offers the fastest and most secure option among all other because of many reason that I know if I explain most of you won’t understand very well but if you are still interested in knowing feel free to access this blog post that is dedicated just for that. You can change this setting by going to DNS settings and changing from Auto to Manual and then insert 1.1.1.1 as the Primary DNS and for the secondary anything else is good, for me I am going for 8.8.8.8 that is owned by google.

Image

9. Last but not least there will have extra options that you can opt to use for example filtering devices, websites, keyword etc. But I won’t go into that because for a home network they are not really necessary, if you have more questions about your router I would suggest you to visit the documentations provided by the router’s company.

Here is a list with the most popular router producers and their documentations:

Thta is it for today guys, hope I have helped you somehow, as always have a wondeerful day !!!

Istvan out πŸš€

Leave a Reply :)