Home broadband routers don’t just provide internet access, they also act as a security barrier against the outside world. But if your home’s router is incorrectly configured or suffers from a vulnerability, it can be worryingly simple for viruses and hackers to break through and cause trouble.
And many people may be at risk. A recent study by Which? highlighted a security flaw affecting millions of Virgin Media routers. And BroadbandGenie’s research into home router security found that many households had never taken basic security precautions.
The following tips are some simple steps everyone can take to improve the security of a home broadband router to help keep your home network and computers safe from common problems.
Before You Start: How to Change Your Router Settings
To setup and manage a router you’ll need to gain access to the admin controls. This is usually done by navigating to an IP address in a web browser (for example https://192.168.0.1), then entering a password. The steps vary for each model, but instructions will be found in the manual or printed on a sticker attached to your router.
Many routers are issued with a very simple default password to access the admin controls. And these passwords can be the same across the manufacturer’s entire product range. This is the security flaw that is a widespread problem that affects many routers.
It’s extremely important to change the default password as soon as possible, otherwise someone could easily break into your router by finding out the default login for that model (and that information is only a Google search away).
Wi-Fi makes it easy to build a home network, but the signal doesn’t stop at the boundary of your property. Neighbors or someone passing by on the street can see your WiFi network. If it’s not secure, they could use your broadband and gain access to your connected devices such as computers and home security cameras.
Your WiFi network should always be protected by a password. And check that it’s using the “WPA” security standard, not the old and insecure “WEP.” It can also be a good idea to change the SSID (the network name). Not only does doing this make it easier to find your network when there are lots of other networks nearby, the default name can reveal the make and model of your router and make it easier for a hacker to attack using known vulnerabilities.
A couple of router features commonly enabled by default can be a potential avenue for hackers.
WPS—Wireless Protected Setup—is intended to make it easier to connect to Wi-Fi, either by pressing the “WPS” button on a device or by entering a PIN. However, anyone can exploit WPS to hack your WiFi password, using free tools. Switch off WPS to block this.
Another problematic feature is “Universal Plug n Play” (UPnP). This is meant to allow software to communicate with the outside world without user intervention. Unfortunately, UPnP can be used by malware and hackers to carry out attacks. It is a handy feature— without it software such as Skype may not function without manual port forwarding—but many home users can disable UPnP and not notice the difference.
If you would prefer to leave UPnP enabled, use the online ShieldsUP! tool to check your router for UPnP vulnerabilities.
Use the router admin controls or a third-party tool such as Fing to monitor the connections on your network. This will help you spot unknown devices and identify unauthorized users.
To make this easier, some routers offer the ability to enter nicknames for connected computers and devices.
To protect against new security threats, install updates for your router’s operating system (firmware) as soon as they become available.
Newer routers will usually offer an easy-to-use update tool to check for and install new firmware, but older models may require you to visit the manufacturer’s site to download updates.
If your router is old, or doesn’t offer the features you need, purchasing a good quality router to replace the ISP-issued freebie can be well worth the small investment. As well as offering better security features, a new, state-of-the-art router can also improve Wi-Fi range and speed-up wireless data transfer.
Most ISPs allow you to replace their standard router with another device. Or the ISP router can be set to “modem mode” for broadband access, while newer hardware handles WiFi, wired networking and security.
If your ISP does not support other routers, ask if a newer router model is available as an upgrade. If you need this because the old one is faulty or insecure it may be free, otherwise you’ll probably have to pay a fee.
—Matt Powell, BroadbandGenie.co.uk