In September 2019, researchers at ESET , a leader in proactive threat detection, discovered 125 security flaws in routers from the most popular brands on the market. Thinking about the safety of users, ESET offers tips to increase the security of the Wi-Fi network.
As each router has different characteristics and functionality, it is important to know what your type is and the settings. With that in mind, ESET recommends having the router's IP Address ready and following the instructions below:
NOTE: if you do not know the router's IP address it is very easy to find out. The first fundamental step that you need to take to achieve this sequence is to start the web browser that you usually use to browse the Internet (for example, Chrome, Edge or Safari), and type in the address bar one of the following IPs and press the enter key on the keyboard.
Some brands of routers also use some strategies, such as using a URL that acts as a converter of the access IP address, which makes it easier to remember the address. TP-Link, for example, uses the address tplinklogin.net. You can also check the IP address using a tag located on the router itself. Another alternative to find out your router's IP address in Windows is to use CMD, the command prompt.
The procedure is as follows: in the Windows search bar, type CMD or command prompt. In the terminal window, you will enter the following command: ipconfig. Then press enter. You will now receive a report on the IP configuration and the Ethernet controller.
Among the information listed, two in particular are those that are most related to the topic we are discussing here. The first one is the IPV4 address, which is the unique IP address assigned by your router to this device, which is part of your internal network, and the second information is also related, and it is the IP address that will give access to the panel. router configuration, is the Default Gateway . This is the IP address you will enter in your browser's search field to drop down to the login screen for the router.
That said, let's go to the tips to improve the security of your home Wi-Fi:
Router passwords and users are usually set to a factory default so that users can enter the configuration page and change them on their own. If this modification is not made, any attacker who successfully enters the network can access your router only with the default password available on the manufacturer's website. Therefore, this step is essential for network security.
When entering the website to access your router and wi-fi, it is ideal to configure it with complex passwords, with several characters, including capital letters, numbers and symbols (eg: ABxy1234!@). Preferably, the password must not be related to your name, profession, address, age, birthday, among others. Here at Hashsecure.in we have a password with valuable tips for you to use when creating a really secure password.
ESET recommends filtering who connects to your network, to reduce the possibility of access by strangers, even if the person has the correct password for your network. This restriction is generally applied to Media Access Control (MAC) and there are two ways to implement it:
- Black list: all devices included in this list will not be able to access the network
- Whitelist: all devices included in this list will be able to access the network.
Although it is not always possible, it is recommended that this setting be disabled so that only devices connected to the router via a cable are able to change settings. The purpose of this is that if an attacker succeeds in breaching the security of the wi-fi network, he will not be able to access these settings unless he has physical access to the router.
If you want to protect the wi-fi network with a password, it is necessary to choose the security protocol to be used, there are three: WEP, WPA and WPA2. Currently, the use of WEP and WPA is disregarded, as they are not as safe as WPA2. In case you don't have the WPA2 option, the WPA option would be the second best. Once WPA2 is chosen, there are two options: personal and corporate. For home use, the personal version is advisable. In addition, there are options for the encryption algorithm that your network will use: AES or TKIP. Since TKIP is an older algorithm and is considered less secure, it is advisable to use AES.
Creating an invite-only network, with your own password and security settings, helps prevent attackers from accessing your network from third-party devices that have connected to your internet. This procedure also prevents anyone using your network from connecting to your devices.
As each router has different characteristics and functionality, it is important to know what your type is and the settings. With that in mind, ESET recommends having the router's IP Address ready and following the instructions below:
NOTE: if you do not know the router's IP address it is very easy to find out. The first fundamental step that you need to take to achieve this sequence is to start the web browser that you usually use to browse the Internet (for example, Chrome, Edge or Safari), and type in the address bar one of the following IPs and press the enter key on the keyboard.
- 192.168.0.1
- 192.168.1.1
- 192.168.1.254
- 10.0.1.1
Some brands of routers also use some strategies, such as using a URL that acts as a converter of the access IP address, which makes it easier to remember the address. TP-Link, for example, uses the address tplinklogin.net. You can also check the IP address using a tag located on the router itself. Another alternative to find out your router's IP address in Windows is to use CMD, the command prompt.
The procedure is as follows: in the Windows search bar, type CMD or command prompt. In the terminal window, you will enter the following command: ipconfig. Then press enter. You will now receive a report on the IP configuration and the Ethernet controller.
Among the information listed, two in particular are those that are most related to the topic we are discussing here. The first one is the IPV4 address, which is the unique IP address assigned by your router to this device, which is part of your internal network, and the second information is also related, and it is the IP address that will give access to the panel. router configuration, is the Default Gateway . This is the IP address you will enter in your browser's search field to drop down to the login screen for the router.
That said, let's go to the tips to improve the security of your home Wi-Fi:
Modify the default username and password
Router passwords and users are usually set to a factory default so that users can enter the configuration page and change them on their own. If this modification is not made, any attacker who successfully enters the network can access your router only with the default password available on the manufacturer's website. Therefore, this step is essential for network security.
Use complex passwords:
When entering the website to access your router and wi-fi, it is ideal to configure it with complex passwords, with several characters, including capital letters, numbers and symbols (eg: ABxy1234!@). Preferably, the password must not be related to your name, profession, address, age, birthday, among others. Here at Hashsecure.in we have a password with valuable tips for you to use when creating a really secure password.
Network access control:
ESET recommends filtering who connects to your network, to reduce the possibility of access by strangers, even if the person has the correct password for your network. This restriction is generally applied to Media Access Control (MAC) and there are two ways to implement it:
- Black list: all devices included in this list will not be able to access the network
- Whitelist: all devices included in this list will be able to access the network.
Disable the router's remote management option:
Although it is not always possible, it is recommended that this setting be disabled so that only devices connected to the router via a cable are able to change settings. The purpose of this is that if an attacker succeeds in breaching the security of the wi-fi network, he will not be able to access these settings unless he has physical access to the router.
Wi-Fi network security protocol:
If you want to protect the wi-fi network with a password, it is necessary to choose the security protocol to be used, there are three: WEP, WPA and WPA2. Currently, the use of WEP and WPA is disregarded, as they are not as safe as WPA2. In case you don't have the WPA2 option, the WPA option would be the second best. Once WPA2 is chosen, there are two options: personal and corporate. For home use, the personal version is advisable. In addition, there are options for the encryption algorithm that your network will use: AES or TKIP. Since TKIP is an older algorithm and is considered less secure, it is advisable to use AES.
Set up a guest network:
Creating an invite-only network, with your own password and security settings, helps prevent attackers from accessing your network from third-party devices that have connected to your internet. This procedure also prevents anyone using your network from connecting to your devices.
To improve network security, it is important to take into account a more complete defense, implementing several security measures simultaneously, increasing protection. With this, the attacker will have more obstacles to face when trying to break into your network, which facilitates the identification of a possible invasion attempt ”, says Daniel Kundro, information security specialist at ESET Latin America.
