CHANGE THE DEFAULT CREDENTIALS
The first and easiest step to protect your router is to change the default user ID and password information used to access the router.
To do so, connect your PC to the router via Ethernet or Wi-Fi, start your browser and point it to the URL or IP address provided in the router's setup guide or manual.
You will be asked to enter the user name and password, which can be found in the manual. To change these, locate the Admin section of the router's settings.
Some routers helpfully prompt you to change the default password when you log in for the first time.
Create a strong password by having a mix of letters, symbols and numbers. Make it at least eight characters long.
Having a strong password is especially important if you are planning on enabling the router's remote management feature that exposes the router login to the Internet.
After tweaking the router settings, you should log out of the device.
Staying logged in puts your router at risk of being hit by cross-site request forgery (CSRF) attacks from malicious websites.
These are attacks that attempt to issue requests to the router via the authenticated information stored in the browser.
CHANGE THE DEFAULT WI-FI PASSWORD
While you are logged in, you should probably also change the default Wi-Fi passwords.
Although manufacturers usually generate unique default Wi-Fi passwords for each router, often stickered on the device, you probably want to change the password to your own rather than trying to remember another Wi-Fi password.
RENAME THE WI-FI NETWORK
You should rename the default Wi-Fi network name (SSID) too.
Doing so will make it easier for you to find your SSID, especially if your neighbours also happen to own a router from the same manufacturer.
It may even indicate to would-be hackers that you are tech-savvy enough to change the SSID, and perhaps they will look for an easier target.
On a related note, security experts agree that hiding your SSID does not help against would-be hackers as it is not difficult to unmask a concealed SSID.
It just gives a false sense of security and inconveniences legitimate users.
UPDATE YOUR ROUTER'S FIRMWARE
Keeping your router updated with the latest firmware is essential, as such updates usually happen when manufacturers patch security vulnerabilities.
New firmware may also fix other bugs and even improve the router's performance.
Most modern routers let you download the latest firmware directly from the router settings.
If not, you can find the updates on the manufacturer's website.
PREVENT WEB SCRIPTING ATTACKS WITH BROWSER EXTENSIONS
These extensions also offer the ability to whitelist trusted sites so that you can use legitimate Web pages like your bank's websites normally.
An additional step to prevent CSRF attacks is to change the default IP address used by routers, such as 192.168.0.1 or 192.168.1.1 to your choice of IP address.
This makes it harder for hackers, especially if they are using a generic scripted attack that targets certain router models.
TURN OFF UNNECESSARY FEATURES
Some networking features, such as Universal Plug and Play (UPnP), and Wi-Fi Protected Setup (WPS) are useful, but they can be exploited under certain circumstances.
To err on the side of caution, you should check that they are disabled in the router's settings.
Most modern routers turn off UPnP by default.
WPS poses less of a risk as it requires the hacker's device to be physically close to your router.
BUY AN ENTERPRISE-GRADE ROUTER
Networking vendors devote more resources to their enterprise products as businesses have higher security requirements.
These routers will cost more than consumer routers, but the added security features, such as a built-in firewall with intrusion detection, may be worthwhile.
The downside is that these routers are not as easy as home routers to configure and use.
This article was first published on Jan 18, 2017.
Get a copy of The Straits Times or go to straitstimes.com for more stories.