Home networking explained, part 6: Keep your network secure
CNET editor Dong Ngo offers a few (OK, five or six) simple tips on keeping your home network secure.
Editors' note: This post is part of an ongoing series. For the other parts, check out the related stories section.
If you were concerned after reading CNET's recent report that most home routers can be easily hacked, I don't blame you. The study did sound ominous, but the good news is that your network is likely far less susceptible than the report suggests. And more importantly, there are things you can do to make sure it's secure.
Two things are vital to keeping your network safe: proper settings and prudence. The first step is easy; you just need to adjust the settings on your router once. The second step, however, takes more effort. Whenever you're online, you'll need to be prudent about your activities.
Here are some router and network settings tips that will help keep your home network safe.
Before I begin, note that with most routers you'll need to access the Web interface to change the settings. You can read part five in this series for the full details. For Apple products, you can customize the applicable settings via the AirPort Utility, which is freely downloadable and included in Mac OS 10.7 or later.
1. Encrypt your Wi-Fi network.
Give your Wi-Fi network, identified by its SSID (a string of characters), a password so that (ideally) only those users you know and trust can connect to your network. This password should be hard to guess, but easy to remember and type -- even on a small smartphone keyboard. The password should be at least eight characters long and should include both numbers and letters. And if your router lets you use passwords with spaces, that's even better.
Note that depending on the router, this password will be referred to in the Web interface as either the encryption key, the pass-key, the pre-shared key, or the passphrase. The exact Settings menu where you determine your password will vary as well.
You also need to consider which industry security standards your router supports. The three current standards from strongest to weakest are WPA2, WPA, and WEP. Though WPA2 is more secure, at present WPA is compatible with more client devices.
2. Change important default settings.
A router comes with many default settings. Since those are set by the vendor, they are public knowledge. Using the default settings may help make the setup process easier, but it also makes your router more susceptible to unauthorized access.
The two settings that you should change to keep your router safe are its default IP address and default log-in password. Why? Well, as mentioned in part 5, these are the two pieces of information that let you access your router's Web interface and manage all of its settings.
First, in the Local Area Network (or LAN) setup part of the interface, set the router's IP address. You can change it to almost anything you want as long as the value of each dotted-decimal notation (the numbers separated by the dots in the IP address) is a number from 1 to 254. So for example, instead of the conventional 192.168.x.1, you can make it 10.11.12.13 or 18.104.22.168 or 22.214.171.124 and so on. Note that once you change the IP address, you'll need to use that new address to access the router's Web interface from then on. Also, avoid making the router's IP address the same as the IP assigned to your modem by your Internet service provider, called the WAN (wide-area network) IP address.
You can change the router's default log-in password via the Tools or Administration parts of the Web interface. Make sure that this password is hard to guess and different from the password used for the Wi-Fi network mentioned above.
3. Turn off remote access-related features.
Most routers are accessible over the Internet, so even when you're not at home you can remotely manage and use FTP (specifically for routers that come with a USB port to host an external hard drive for network storage). Don't turn these features on unless you know what you're doing. And when you do, make sure to use proper restrictions. For example, use HTTPS for the remote management, or change the port to something that's not conventional (which is a subject for another time).
Also, you should turn off the UPnP feature. It lets a UPnP-compatible device change certain router settings without logging in to the Web interface, and it could be exploited by hackers.
4. Update the router's firmware.
Typically, firmware updates from the manufacturer help improve a router's performance and security. Depending on the router, updating the firmware can take a few easy clicks, or you may have to first download the firmware and install it manually. Either way, though, the process should take just a few minutes. Remember, don't do anything until the upgrade process is done. Otherwise, the router might become permanently nonfunctional (aka, you might brick it.).
Note that some firmware might reset the router's settings to the factory default. That's why it's a good idea to back up the router's settings before upgrading or making any major changes.
5. Log out properly.
This step may sound trivial, but it's quite important. Make sure that you log out of the router's Web interface when you're finished making changes. Some interfaces have a log-out button, but with others you'll need to close the browser, too. Keeping a log-in screen open all the time could allow an attacker to access your router settings if your computer has already been compromised.
Bonus step: Turn on power line adapters' security features.
Another thing that can easily be overlooked: if you use power line adapters in your network, it's a good idea to turn on their security features. This is especially important if you live in an apartment building, as unscrupulous neighbors could tap into your network by using an adapter in their homes.
That's it! If you follow these steps, your router and your home network will be more secure. If you have more questions or tips on keeping your network safe, send them my way via Facebook, Twitter, or Google+, or just post them in the comments section below.