Your ISP router is the device that connects your home network to the Internet, a 24/7 world.
And your ISP router is the very first device hackers try to exploit and gain access to your network.
So it’s very important to make your home router as secure as your can.
Here are some tips to help make your home router more secure:
- Keep router’s firmware up-to-date
- Change default password
- Disable remote administration
- Disable Wi-Fi if not used
- Disable UPnP and manually configure port forwarding
- Port forward only if you have to
- Scan your router using online port scanning tool
- Extra: Use your own router
- Extra: Supplement your home network with VPN
1. Keep router’s firmware up-to-date
Security holes or new vulnerabilities could be found over time. New firmware is released to fix these security weaknesses.
Check for new firmware regularly and upgrades to the latest compatible firmware available for your router.
2. Change default password
Don’t use default password. Change it. Many default passwords can be found online.
Consider use a strong password like you would do to secure online accounts. Change the username too if possible.
If available, also limit the number of consecutive login attempts to avoid brute force attack.
This is especially important if you allow Remote Administration. Check the next tip.
3. Disable remote administration
It’s really rare you would need to update your router from outside your home. Allowing remote administration means that others can also attempt logins to your router.
Disable remote administration or your network could be at risk from outside attacks.
4. Disable Wi-Fi if not used
There are situation you don’t use Wi-Fi from the router:
- the router is too far away (e.g. in basement) for Wi-Fi to be useful
- you have a separate Wi-Fi access point for better bandwidth/coverage
Disable Wi-Fi if you are not using it.
If you are using Wi-Fi, also follow the tips to make your home Wi-Fi more secure.
5. Disable UPnP and manually configure port forwarding
Universal Plug and Play (UPnP), allows application to automatically forward a port on your router.
While very convenient, it also serves as a way for hackers to gain control of your device.
So do not use UPnP. Instead, manually setup port forwarding as you need.
6. Port forward only if you have to
Opening port at your router to forward traffic to your internal devices should be done with caution.
If you port forward to a service that has a vulnerability, bad guys may try to exploit that vulnerability to gain access to your device.
Some routers allow you to set schedule when the port forwarding is active. Use that if you know your time range of using the service.
And remember to close the port forwarding when you don’t need it anymore.
7. Scan your router using online port scanning tool
A bunch of online port scanning tools like Pentest-tools and ShieldsUp! are available over the Internet.
With a quick test, you can check out what your router has made available to the Internet. Then you can decide if action is needed to further tighten your security.
8. Use your own router
Stay tuned with news about any malware attacks targeting routers (e.g. VPNFilter malware). It’s not safe to have your router vulnerable to attacks.
If your ISP router is affected, check for new firmware update frequently or contact your ISP.
Or consider replace it with a commercial grade, more secure router. It depends on the Internet service connection/providers, some could be easy to replace while others give you headache.
There are most likely some instructions, methods and compatible routers you can find over the web for your specific Internet setup. Check them out first.
Bare in mind that it would typically require more in depth knowledge on networking.
9. Supplement your home network with VPN
Virtual private network (VPN) is a great technology to further protect your network security and privacy.
When you use a VPN service for your home network, all your network traffic will be encrypted and route through the VPN provider’s server. This adds better security because no one can tap into your network traffic to extract your personal information.
In the event of compromised router, VPN can also help protect your network because the attackers can’t read your traffic. Therefore, you can still use your Internet service while you take the necessary measures and time to fix your router.
Moreover, VPN would hide your actual location and IP address, giving you better privacy.