If you go to great lengths to install a physical door with a good lock to keep strangers out of your home, why don’t you do the same to secure your digital life? The device mainly in charge of this is the router, perhaps the least known device in our IT infrastructure despite its enormous importance, and one that most people pay little attention to. Until problems arise…
In consumers’ defense, it must be said that in a typical use case the Internet service provider itself installs and manages the router. The operator does not usually provide information about its features, much less about functions that customers should know about. In some cases they even block those features. In others they send the router by mail and activate it remotely, so you can’t even talk to a technician and have to find the information yourself.
And to close the circle, operators’ routers are usually cheap OEM models that on many occasions lack the necessary capacity. With these premises, it is almost logical for an ordinary consumer to forget about a device with such poor visibility. Until we lose access to the Internet, lose performance, cannot connect to Wi-Fi or, worse, catch a good “bug” in the form of malware for not having properly secured the device.
Router management, basic and advanced
The local network is an indispensable component of any IT infrastructure and the router is the main device in it, serving the Internet, connecting devices and also serving as a “lock” to strangers trying to access our digital home. In addition, the increase of connected devices and the functions they have to support, including access to the Web and the multitude of Internet services (online multiplayer gaming, multimedia streaming, downloads…), has been a constant in recent times.
Whether you use the operator’s router or have bought an upgraded one (highly recommended), it is worth investing a few minutes in management that can save you a lot of headaches in the future, improving the security and performance of your home network. Let’s go through the options.
Change the default login
The easiest access to the router is through a web interface via its access IP address (192.168.0.1, 192.168.1.1 or similar). Almost all routers of the same make or model have a specific username/password programmed to facilitate access to the router. This type of access is public knowledge, is usually as simple as the well-known “admin/admin” and must be provided by the operator/manufacturer.
If you do not know it, a search on the Web is enough to find it, and there are even specialized tools such as RouterPasswords that provide the data for any known brand and model. It is therefore necessary to change at least the access password as soon as possible, to prevent unauthorized access to the router and thus control of our entire network. The well-known moral of the story applies here: “change the administrator password before someone changes it for you”.
Like any other electronic device, the router has a set of operating instructions and tools stored on a memory chip inside the device. Firmware updates on a wireless router are usually quite stable and therefore infrequent, but it is advisable to install them when the vendor releases new versions. In addition, there are specific exploits and vulnerabilities that attack router firmware, with the dire consequences we have seen in many attacks.
The more advanced models have an automatic update feature that can be scheduled at set times so that the user’s activity is not interrupted. It’s a good way to keep the router up to date.
Change the Wi-Fi password
Just as with the router access password, it is fundamental to change the default password for access to the wireless Wi-Fi network. Although the situation has improved, there are still many operators that use less secure protocols and passwords that can be easily discovered, or that are printed on a sticker on the router itself, perhaps within reach of third parties you do not want to know them.
All current routers (or Wi-Fi access points) support strong encryption such as WPA3, and it is the protocol that we should use whenever it is available. As for the password, it is useless to use a strong protocol if we choose the name of our dog, known by all our neighbors. The longer the better, combining uppercase, lowercase, symbols and numbers, or generate random keys with a password manager.
Change the SSID or hide it
The SSID (Service Set IDentifier) is a name included in all wireless network packets. With a maximum of 32 alphanumeric characters, it is the name of our wireless network, or of others that are within range of a device or computer. The default name usually gives away the model and manufacturer, something that is not convenient to reveal. In addition to changing the name, the router configuration offers the option to hide the SSID so that it is not displayed as a wireless network. There are special programs that can track networks even when hidden, but this is a recommended option.
Disable remote access to the router
Ninety-nine percent of home users do not need this feature that allows access to the router from any point with Internet access. Since the router functions not only as the brains of the home network management, but also as a firewall, remote access can be another open door for third parties to gain full access to the home network. Make sure that this function is disabled.
Manage MAC addresses
Each device that can connect to a network is assigned its own unique identifier in the form of a number called a MAC address. It is hard-coded into the production of each device and cannot be changed. This allows us to control exactly which devices can (or cannot) access our network.
Most of these wireless routers offer this MAC address filtering feature. You can block specific devices or, for added security, create a list of only those devices that can connect. The MAC address of each device is easily known with the “ipconfig” command on Windows, Mac or Linux. On Android or iOS devices you can see it in the advanced Wi-Fi settings.
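The allow-list approach described above can also be used as a check: compare what is actually connected against the list of devices you expect. The following is an added example, not part of the original article; the client table, the allow-list and all function names are constructed for illustration and do not match any particular router's export format.

```python
import re

# Constructed allow-list, typed from device labels in mixed notations.
ALLOWED = ["00-1A-2B-00-11-22", "00:1a:2b:00:11:33", "001a.2b00.1144"]

# Constructed client table in the style of a router's "connected devices" page.
CLIENTS = """\
192.168.1.10  00:1a:2b:00:11:22  laptop
192.168.1.11  00:1A:2B:00:11:33  phone
192.168.1.23  de:ad:be:ef:00:01  unknown-host
192.168.1.24  not-a-mac          broken-entry
"""


def normalize_mac(text):
    """Return the address as lowercase colon-separated octets, or None if invalid."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (address assigned in software)."""
    return bool(int(mac[:2], 16) & 0x02)


def audit_clients(table, allowed):
    """Sort client-table rows into known, unknown and malformed entries."""
    allow = {normalize_mac(m) for m in allowed} - {None}
    report = {"known": [], "unknown": [], "malformed": []}
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or truncated rows
        ip, mac = fields[0], normalize_mac(fields[1])
        if mac is None:
            report["malformed"].append((ip, fields[1]))
        elif mac in allow:
            report["known"].append((ip, mac))
        else:
            report["unknown"].append((ip, mac, is_locally_administered(mac)))
    return report


if __name__ == "__main__":
    for kind, rows in audit_clients(CLIENTS, ALLOWED).items():
        print(kind, rows)
```

The third field of each unknown entry flags addresses with the locally administered bit set, which is how software-assigned addresses, such as the per-network random addresses many phones use, show up in a client list.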
Take advantage of less saturated bands
If you are fortunate enough to have a wireless router that supports Wi-Fi 6E, you can take advantage of the expanded band to 6 GHz brought in by the latest wireless standard. The same with the 5 GHz band, both less saturated, with less interference, more stable and potentially faster than the 2.4 GHz band. Most new routers allow simultaneous use of both bands or the creation of separate wireless networks for each. You will need devices that support it for maximum performance. Remember, however, that the 2.4 GHz band has a longer range than the other bands.
Change the access channels
A wireless router transmits data on one of several available “channels” (13). If, as is common in a community of neighbors, there are a lot of routers in the vicinity using the same channels, they are likely to interfere with each other, which is one of the causes of performance loss. The most advanced routers try to avoid this by automatically selecting the best channel, but the ideal is to do it manually and check the performance of each of them. There are external applications that can help you. See this tutorial if you need it.
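To show how a channel-selection aid can reason about neighbouring networks, the following added example (not from the original article) ranks the 13 channels of the 2.4 GHz band from a scan. The scan data is constructed, and the interference model is an assumption of this example: channels are 5 MHz apart and 20 MHz wide, and each neighbour contributes its received power scaled by how much its channel overlaps the candidate.

```python
# Constructed scan results: (SSID, channel, signal strength in dBm).
SCAN = [
    ("neighbour-a", 1, -48),
    ("neighbour-b", 1, -70),
    ("neighbour-c", 6, -55),
    ("neighbour-d", 6, -60),
    ("neighbour-e", 11, -82),
    ("neighbour-f", 3, -75),
]

CHANNELS = range(1, 14)  # the 13 channels of the 2.4 GHz band


def overlap(a, b):
    """Fraction of spectrum shared by channels a and b.

    Assumed model: 5 MHz spacing and 20 MHz width, so channels four or
    more numbers apart do not overlap at all.
    """
    return max(0.0, 1 - abs(a - b) / 4)


def channel_scores(scan):
    """Return {channel: interference}, with interference in linear milliwatts."""
    scores = {}
    for candidate in CHANNELS:
        total = 0.0
        for _ssid, channel, dbm in scan:
            # Convert dBm to mW so that strong neighbours dominate weak ones.
            total += overlap(candidate, channel) * 10 ** (dbm / 10)
        scores[candidate] = total
    return scores


def rank_channels(scan):
    """Channels ordered from least to most interference (ties: lower channel first)."""
    scores = channel_scores(scan)
    return sorted(scores, key=lambda ch: (scores[ch], ch))


if __name__ == "__main__":
    scores = channel_scores(SCAN)
    for ch in rank_channels(SCAN):
        print(f"channel {ch:2d}: {scores[ch]:.3e} mW")
```

A ranking like this is only a starting point; as the text says, the performance of the candidate channels still has to be checked in practice.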
Prioritize traffic with Quality of Service
QoS (Quality of Service) is the average performance of a telephone or computer network as seen by the users of the network. It measures parameters such as error rates, bandwidth, throughput or transmission delays. When bandwidth is maxed out by the use of multiple applications and devices, services such as online gaming, streaming or video conferencing can experience massively degraded performance.
This is where “quality of service” comes in, with which we can prioritize the services we need at the expense of less important ones. Some routers also offer support for Wi-Fi Multimedia (WMM) connections, a specialized type of QoS that automatically prioritizes voice, audio and video data in an attempt to improve multimedia performance.
Manage port forwarding
Port forwarding allows remote computers (e.g., public machines on the Internet) to connect to a particular computer within a private LAN. A router uses ports to filter traffic into different types (HTTP commonly uses port 80, and incoming email via SMTP uses port 25).
There are 65,536 ports in total and for security reasons most of them are blocked by default. If software or services use non-standard port ranges the router may not be able to send data to a given device. If you have this problem (e.g. network connections on game consoles or for accessing Torrent networks) you will have to manage this port forwarding.
Use Guest access
It is a given that someone visiting your home will ask for your Wi-Fi password to connect their own device. If you can’t refuse but want to remain in control of your network, guest mode is ideal because it sets up a sort of sub-network with its own SSID and password, without access to your main network. Connected users have access to the Internet and nothing else, and you can restrict the number of people who can connect at any given time.
Use parental controls
In a similar vein to guest mode, many modern routers also offer parental control features, especially aimed at controlling the use of the youngest members of the household. The exact features may vary from router to router, but in all routers it is possible to limit aspects such as Internet access times. Ideally, it is best to work with the MAC address of the device to be controlled, although there are other ways.
File sharing on the network
Many modern routers include an additional USB port. Most users do not use it, but it can be used, for example, to connect an external storage drive and share files. Once connected and configured, you can access its contents from any device connected to the network. It can also be used to connect a printer. You will see this function listed as DLNA.
Beware of mobile apps
All of the above features are configured through the router’s control panel, typically accessible from the web browser of a computer connected to the network. However, some consumer routers can be controlled through smartphone apps. You can try them out, but you need to be careful with them because of the security aspects. In fact, one of the general security recommendations is to disable remote access to the router, as we saw above.