How to secure a wireless router
Posted by admin on Aug 7, 2012 in Security Blog
In this guide we will give you 10 tips on how to increase the security and protection of your wireless network router. If you are unable to follow every tip in this guide, aim to do as many as possible to help secure your wireless router. If you are a company that would like your wireless network audited and secured, please consult us via our penetration testing page.
1) Encryption Method
It’s important to get the encryption method right. If you use a legacy encryption protocol such as WEP, chances are your password will eventually be cracked and people will be using your wireless network/internet for free! We recommend using WPA2 for the highest level of encryption that most wireless routers support. If you log into your wireless router and do not see WPA2 as an option, check the manufacturer’s guide for upgrading the firmware.
2) Upgrade your router’s firmware
Having old firmware on your wireless router may lead to a compromise! Bugs get discovered all the time, and if your router is not using the latest stable firmware, chances are you are broadcasting a wireless network which could be exploitable.
3) Modify defaults
Modify default settings, so that individuals who try to run scripts or brute force tools to get into your network are attacking something that does not exist! For example, change the username from ‘admin’ to something else, and change the router’s NAT IP address to something other than the out-of-the-box configuration.
4) Set a password on your router
Sometimes home routers come with no password, or a default password of ‘password’ or ‘admin’. Ensure this is changed to something secure and memorable.
5) MAC Code restriction
As well as enabling WPA2 encryption, we recommend restricting wireless access further by allowing only devices with authorised MAC addresses to access the wireless network. Most routers come with a MAC address table within the security settings area. It’s here you can define the MAC addresses allowed to access the wireless network.
6) Encryption Standards
Use AES (Advanced Encryption Standard) over any other offered encryption method. Do not use AES/TKIP; it is less secure.
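To confirm that tips 1 and 6 actually took effect, the following added example (not part of the original post) parses wireless scan text and flags networks that still offer WEP, legacy WPA or TKIP. The sample input is constructed, with made-up SSIDs and addresses, and is modeled on the layout printed by `iw dev <interface> scan` on Linux with indentation simplified.

```python
import re

# Constructed sample scan text (SSIDs and addresses are made up).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: home-aes
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: home-mixed
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP CCMP
    RSN:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP CCMP
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: old-wep
"""

def audit_scan(text):
    """Return {ssid: [findings]}; an empty list means WPA2 with AES (CCMP) only."""
    results = {}
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        m = re.search(r"(?m)^\s*SSID: (.*)$", block)
        ssid = (m.group(1).strip() if m else "") or "<hidden>"
        has_rsn = re.search(r"(?m)^\s*RSN:", block) is not None  # WPA2 (or later) element
        has_wpa = re.search(r"(?m)^\s*WPA:", block) is not None  # legacy WPA element
        privacy = re.search(r"capability:.*\bPrivacy\b", block) is not None
        ciphers = set(" ".join(re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block)).split())
        findings = []
        if not privacy:
            findings.append("open network, no encryption")
        elif not (has_rsn or has_wpa):
            findings.append("WEP (privacy bit set, no WPA/WPA2 element)")
        else:
            if has_wpa:
                findings.append("legacy WPA still enabled")
            if not has_rsn:
                findings.append("WPA2 not offered")
            if "TKIP" in ciphers:
                findings.append("TKIP cipher accepted")
        results[ssid] = findings
    return results
```

A router left in a mixed WPA/WPA2 or AES/TKIP mode shows up like `home-mixed` here, even though it also advertises WPA2.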
7) Router Firewall
If your router has a firewall, it’s worth enabling it and paying attention to the outgoing ports list. It is recommended to only open outgoing ports that you know data should be allowed out on, e.g. port 80 for web traffic, and port 443 for secure web traffic. Keep the allowed outbound ports to a minimum to maintain high levels of security and prevent data loss through any compromise from within the network.
8) Avoid wireless administration
When making changes to your wireless router, try to make the changes using a wired connection, and if possible disable wireless administration.
9) Enable HTTPS administration
If possible, only allow administration of the wireless router through the HTTPS protocol, so data passed between your PC and the wireless router is secured and encrypted.
10) Hide your SSID
To avoid automated attacks, lower-tier crackers and more data being sent to your network, we advise disabling the SSID broadcast, and manually connecting to it through your system’s software options.