Securing a router & wireless network is very important because if you don't, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you're doing. Even worse, hackers can use your internet connection to upload illegal materials and steal your personal financial information. Unfortunately many consumer and small-business routers come with insecure default configurations, have undocumented backdoor accounts, expose legacy services and have firmware that is riddled with basic flaws. Below are some helpful tips that will make your home or business network much more secure. Avoid using routers supplied by ISPs. These routers are typically less secure than those sold by manufacturers to consumers. They often have hard-coded remote support credentials that users can't change and patches for their customized firmware versions lag behind patches for the same flaws released by router manufacturers.
Change the default admin password.
The router's web-based management interface should not be reachable from the internet. For most users, managing the router from outside the LAN (local area network) is not necessary. If remote management is needed, consider using a VPN (virtual private network) solution to establish a secure channel to the local network first and then access the router's interface.
Choose a complex Wi-Fi password and a strong security protocol. WPA2 (Wi-Fi Protected Access II) should be the option of choice, as the older WPA and WEP are susceptible to brute-force attacks. If the router offers the option, create a guest wireless network, also protected with WPA2 and a strong password. Let visitors or friends use this isolated guest network instead of your main one. They might not have malicious intentions, but their devices might be compromised or infected with malware.
Disable WPS (Wi-Fi Protected Setup). This is a rarely used feature designed to help users set up Wi-Fi networks easily by using a PIN printed on a sticker. However, a serious vulnerability was found in many vendor implementations of WPS a few years ago that allows hackers to break into networks. Because it's hard to determine which specific router models and firmware versions are vulnerable, it's best to simply turn off this feature on routers that allow it. Instead,
Keep your router's firmware up to date. Some routers allow checking for firmware updates directly from the interface while others even have an automatic update feature. Sometimes these checks might be broken due to changes to the manufacturer's servers over the years. It's a good idea to regularly check the manufacturer's support website manually for firmware updates for your router model.