How to Secure And Protect Your Wireless Router
The subsequent measures are of the utmost importance in safeguarding your wireless router.
Turn off WPS!
This is paramount in ensuring the security of your wireless environment! Each person within the range of your access point’s signal who has WPS (or QSS) enabled will have the ability to compromise your wireless network.
Disable WPS on the wireless connection
Remember to disable WPS for each network on your router operating at 2.4 GHz and 5 GHz for safety purposes.
Enable WPA2 or WPA3 Mode of Security
WPA2 PSK with AES is the most secure router configuration.
When available, choose WPA2/WPA3-Personal or WPA2-PSK as the security mode for your Wi-Fi network. That WPA3 is more secure than WPA2 is self-evident.
You are free to utilize either, but avoid WPA.
Select AES as the cipher or encryption method next. Both the TKIP and TKIP+AES options should be avoided.
Open network mode should never be used with Wi-Fi. Not only will everyone in the vicinity be capable of connecting, but they will also be able to intercept your traffic, which will ultimately:
access and download your confidential information (such as photos, videos, and documents) from home network devices such as laptops, desktops, and NASs; steal your Facebook, Twitter, and Instagram credentials;
gain access to your credit card and Internet banking credentials; use your IP address to transmit spam or harass others online.
Weak and deprecated WEP security should also be avoided, as it is exceedingly vulnerable.
Construct a Robust Wi-Fi security key, also known as a password.
Everyone within the range of your wireless network’s signal will have the opportunity to guess or attempt to breach it if you employ a password that is simple to guess.
Never employ common knowledge as a wireless security key, such as your birthday, mobile phone number, or pet’s name. The following day, your neighbors will breach this “protection” that you have established.
Produce an equivalent item for utilization as the security key: vd4$3%&h20h
Modify the Router’s Factory Default Password
If at all feasible, modify the default user name. Additionally, it is possible to modify the default user identity on certain routers. If at all feasible, do it. It is common knowledge that the default user name for router settings is typically admin, and that the sole requirement to access the configuration is the password.
If you change the user name to an uncommon word, the hacker will likely be unable to compromise your router because they will also be required to predict it. Your router will become considerably more secure.
Turn off remote administration of your TP-Link router.
Unless you utilize the remote management system on a daily basis and are certain of its safe operation, it is not advisable to have it activated. If not, proceed with disabling it.
Navigate to Security > Remote Management on your TP-Link router and verify that the Address field contains 0.0.0.0. It indicates that remote access from any external IP is prohibited.
Disable remote administration on the TP-Link router.
You may have simplified control options on devices manufactured by other vendors, such as the “Enable remote management” flag.
Despite the fact that UPnP is enabled by default and almost no one disables it on their routers, its utilization is undesirable.
If at least one device in your household becomes compromised with malware, UPnP will facilitate the connection of trojans to malicious servers from within your network, allowing them to download additional malware, adware, and possibly more.
For this reason, I advise you to disable it in the router’s configuration:
Remove UPnP from the router
The following are additional precautions to safeguard your Wi-Fi gateway.
These measures to enhance your wireless security are discretionary. You may utilize them only if you are an experienced user and they are applicable to your situation.
Reduce the power of the wireless transmitter
There are numerous situations in which the utmost power of a wireless router’s Wi-Fi transmitter is unnecessary.
Undoubtedly, in the event that you possess a sizable residence, the installation of an additional access point might be necessary to expand the coverage area of your Wi-Fi network.
However, if your router is adequate for your small apartment, you could attempt reducing its transmit power so that it only reaches the areas where wireless network access is essential.
Simply put, prevent access to your wireless network from locations beyond your apartments.
By configuring the transmit power to Low within the router configuration, potential hackers will be impeded from accessing your hotspot remotely as a result of the compromised signal strength.
restricting router transmission capacity
Alter the default IP address range and deactivate the DHCP server.
To commence, it is possible to migrate to the 192.168.201.0 subnet from the conventional 192.168.0.0 or 192.168.1.0 subnets.
The second option is to explicitly assign static IP addresses to every device on the network. This will significantly complicate the process of acquiring the accurate IP address.
Outstanding Security Options
Ultimately, I would like to provide you with some supplementary details pertaining to stringent security protocols.
It is assured that the subsequent procedures will substantially enhance the security of both the Wi-Fi gateway and the network as a whole. They may, however, be incompatible with a subset of your more recent client devices.
Enable Strict WPA3 Mode
Consider abandoning support for WPA2 if the devices you utilize the most already support the most recent authentication method, WPA3 (or even worse, WEP if WPA is unthinkable). As described in this guide, it can be configured.
Cease Employing Mixed Standard Mode
Likewise, you may wish to upgrade your router to Wi-Fi 5 or Wi-Fi 6 and disable support for earlier versions.
To experiment, navigate to the configuration page of your router and modify the “802.11a/b/g/n/ac mixed” mode to “802.11ax only” or “802.11ac only.” Additionally, certain routers offer the “802.11ac/ax” alternative.
This will restrict access to your Wi-Fi hotspot to clients that are compatible with the most recent generations of standards.
Why proceed? The solution is straightforward: by implementing such measures, you restrict the range of devices capable of even detecting your network. As a result, lower attack attempts correspond to enhanced efficacy.
Prioritize the security of your router, particularly in regards to wireless networking. There is a palpable sense of uncertainty regarding the intentions of any adjacent individual to compromise your Wi-Fi network.
Bear in mind that the greater the number of obsolete mechanisms implemented, the more susceptible your network becomes. You should therefore immediately implement modern authentication methods and encryption protocols. Even if it means discontinuing the use of some obsolete client devices.