How to Configure and Secure a Home Wi-Fi Router

A great way to reduce your cyber risk is to ensure your home Wi-Fi network is properly configured and secured. Think about how many devices are connected to your home’s wireless network right now. In modern households, there could easily be a dozen or more connected devices. Laptop computers, tablets, video game consoles, home security cameras, smart thermostats, and smart home lighting kits all need internet access to work properly. To protect yourself and your home network from cyber threats, there are a few steps you’ll need to take. Use the instructions below to help you set up a new wireless router or even audit and secure your existing set-up.

Physical Setup

When setting up your router, there are a few things to keep in mind. Depending on what brand of router you choose, internal components may differ, but the interface and external ports that you will see are generally the same. Also, many people opt to use one device that operates as both a router and a modem. If you use a combination modem/router unit, skip the second step in the physical setup process.

  1. Plug the provided coaxial cable or DSL phone line into your modem.
  2. Connect the Ethernet cable from your modem into your wireless router.
  3. Plug in the AC power adapters for each and then turn on the devices.
  4. Connect your computer to the router either via an Ethernet cable or to the now-available Wi-Fi signal using the default password provided by the router manufacturer or the password provided to you by your internet service provider (ISP) if you acquired the router from them.

Setup Wi-Fi Using the Web Interface

Once your computer is connected to the router, you’ll need to navigate to the router's web interface. The web interface allows you to view and control what’s connected to your home's wireless network.

  1. Locate the router’s web interface by entering its IP address, or “default gateway,” into the URL field of your web browser. To find the correct IP address, either consult the router’s documentation or use the following instructions on How-To Geek to locate it on your system.
  2. Once located, open your web browser and type that IP address into the URL field. The address will consist of numbers separated by three periods, such as 192.168.1.1.
  3. Use the setup wizard to customize your network settings. This will consist of naming your wireless network and establishing a network password. Additional recommended settings are described below.
  4. Connect your devices to the Wi-Fi network using the new password.
  5. You should now be online!
 

The following are all recommendations that can protect your network, data, and IoT devices:

Change the router default username and password:

One of the first steps you should take to secure your Wi-Fi network is to change the default administrator username and password that comes with your router model by default. In most cases, the default username and password are publicly available online and, therefore, can be abused by threat actors to gain access to your network.

Change the SSID:

Wi-Fi network names, or service set identifiers (SSIDs), can range from the mundane ("Café Hotspot") to the intimidating ("FBI Surveillance Van"). Whatever the inspiration behind your SSID is, it actually serves a more important role than just personalization. The router will likely come with a default SSID that includes information on the router’s make and model. This information can be very useful to those looking to exploit vulnerabilities contained in these routers in order to gain unauthorized access to networks. Therefore, it’s a good idea to change the SSID and to disable SSID broadcast so that the network is hidden, requiring users to manually enter the network name before connecting to it.

ssid.png

Enable WPA2 with AES:

It is important to ensure that all of your personal data is properly encrypted when using devices on your Wi-Fi network. To do this, there are three possible wireless security protocols: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access Version 2 (WPA2). WEP was the first of the three developed; it has numerous known security vulnerabilities and should be avoided. WEP was superseded by WPA in 2003 and later by WPA2. Of the three, WPA2 is the most secure and should be the setting you select when configuring your Wi-Fi network. 

But wait, there's more! Most routers actually give you two to three different WPA2 options:  Advanced Encryption Standard (AES) or a combination of AES and Temporal Key Integrity Protocol (TKIP). TKIP is designed to work with WPA whereas AES is designed to work with WPA2. The mixed AES+TKIP option allows for backwards compatibility with older devices that only allow for WPA-TKIP. Although backwards compatibility might seem like a good idea, using the mixed option actually introduces the same vulnerabilities as using WPA-TKIP on its own. The best option is to select WPA2-AES, as this is the most secure. In fact, AES is officially endorsed by the National Institute of Standards and Technology (NIST) and the U.S. Government even uses it to encrypt sensitive information.

wpa2.png

To access your router settings and change settings like the SSID and wireless security protocols do the following:

  • Use the same IP address used to change the default username and password to access the router settings.
  • Enter the router's admin username and password.
  • Change the SSID and, if you choose, disable the SSID broadcast through the provided options.
  • Select your Wi-Fi encryption, WPA2-AES.
  • Once you select WPA2-AES, you will be prompted to enter a password. This will be your new Wi-Fi password and will be required to be entered when connecting devices to your network. An ideal password is long, complex, and hard to guess.  

Update the firmware on your router:

Unlike most operating systems on computers that perform automatic updates or prompt you to install updates, the operating system of a router – known as firmware – needs to be downloaded and installed manually by the user. While this may seem tedious, often times, the provider's website has an updated version available for installation. Keeping your firmware up to date can provide a range of benefits. Firmware updates may patch vulnerabilities or correct bugs that are compromising the security of the information traversing your network. They may also upgrade encryption modules that have become outdated, adding another level of security to your data.

firmware.png

Separate devices – create different networks for different purposes:

Create different networks for different devices in your home. For instance, you may want to keep lights, thermostats, and surveillance cameras separate from devices like cellphones, video game consoles, or laptops. You may also want to create a separate guest network for visitors to use while in your home. This can help protect your personal devices from unauthorized access and malware infections designed to spread across networks.

sep devices.gif

Place the router in the center of your home:

Generally, the best place for your router is in a central location, away from thick walls and solid surfaces that can interfere with Wi-Fi coverage and speed. Positioning your router on a shelf or table will reduce the distance that the signal has to travel. Typically a good signal is viable within 150 feet from the access point.

  • It is recommended to limit your Wi-Fi signal coverage to within your home to reduce the risk that unauthorized parties beyond your walls will gain access to your network.
wifi location.jpg

These simple steps will help you create a more secure home network and help protect your data and internet-connected devices. If you have any questions about this or any other resource, please contact the NJCCIC at NJCCIC@cyber.nj.gov.