The 5 security measures to put in place immediately on a new router
The WiFi router is the heart of the network at home: it is he who connects all devices between them and the internet. However, it is not inviolable and like any good “heart” it can even be a weak point if it is not properly protected!
I propose today to set up some simple security measures to limit external connection attempts on your network … Each of the proposed solutions is more or less effective to protect your network, but still know that none allows total protection … I describe here the usefulness of each of these measures, I will not explain to you however how to out them into practice because it depends largely on your WiFi router.
1. Use a VPN: Browse hidden internet!
Virtual Private Networks (VPNs) are tools for connecting two different local networks with a tunnel protocol. This tunnel will seem like a simple point-to-point link and spyware will not see the tunnel.
VPNs are used in two different ways:
- VPN on PC: VPN on PC can encapsulate in the tunnel all the data that pass on the PC, or just the data of a selected application. These are the most used VPNs today but their limitations of use will quickly make them obsolete.
- VPN on router: It is also possible to install a VPN directly on your router, the difference? The router can apply VPN tunnel usage for ALL home-connected devices … even those that do not allow direct VPN installation (such as connected watches or home consoles).
VPN for routers allows more use and even allows to use a VPN on devices that do not support it: the encapsulation of data is now done at the router and not the device, it is sufficient that the device can connect to a router to use the VPN on it.
That said, important note: the VPN service used must absolutely be trusted. There is no point in using an additional service that will potentially handle confidential data if it does not certify some data security.
2. Hide the network SSID: Connect to a ghost network!
The SSID of the network is the little name you can give it to find it easily when you connect. It is therefore possible to customize it to facilitate its identification but it is also possible to hide it to make the network more difficult to locate.
If you make this change, the name of your network will no longer appear in the list of “available networks” when you try to connect a new device … And this is the interest of this protection, because now for connect to the network you will not only enter the password as usual, but also enter the SSID of the network to identify it.
Unfortunately, as I told you at the beginning of the article, this measure is not enough to protect your network, there are indeed programs called “sniffers” that can monitor the activity on nearby networks. With such a program it is possible to recover the SSID of the network and make this additional protection null and void.
The idea is therefore to manage the SSID name in addition to traditional best practices: powerful password, etc.
3. Disable DHCP: The Router’s Border Post!
Did you know ? In your router is a program that fulfills the role of “border post”: DHCP.
A border post in my router, how? As you can imagine, there are no miniature customs officers in the box, however there is a program called Dynamic Host Configuration Protocol (DHCP) that allows automatic configuration of the IP parameters of devices connected to the network. To put it simply: DHCP distributes IP addresses (essential for browsing the internet) to the different devices connected to the router’s network.
But if I disable it, it’s the Shengen space and everyone goes in and out of my network as he wants, right?In fact, not at all: it’s even the opposite that happens … You can not use your router without a system to distribute IP and disable DHCP will suspend the automatic allocation of IP addresses, so it will take that we assign the IP addresses by hand.
For this you have to make a list of ALL the devices that you want to connect to the network and we associate an IP of the range of the router.
You want to make life impossible for hackers? Put some special French characters in your
SSID(EDIT: in your password , thank you Mirabellette) “ç, à, é, è …” These characters specific to the French language are less likely to appear in the dictionaries of English-speaking pirates …
4. Filter MAC addresses: Only your devices can connect!
Each connected device (able to use the internet) has its own MAC address to identify and authorize or block the internet connection.
There is a feature on all recent WiFi routers to apply a filter to the MAC addresses that connect to the network. The principle is very simple: You retrieve the MAC addresses of all the devices that you want to connect to the Internet, You enter the list of MAC addresses in the white-list of the router and you black-list all the other MAC addresses of the network. If an outsider tries to connect to the network: his device is denied. ( EDIT : provided you do not neglect the case of MAC spoofing of usurping the MAC address, thanks to Schwarzer)
I had implemented this extra security at home, but it has a major disadvantage: the guests. Since only your devices are allowed to connect you will need to add an additional MAC address from the list of devices in White-List each time someone wants to connect to your home. For more security it will also remove the MAC address from the list of authorized devices once your guest has finished using the Internet …
5. Turn down the power of your router: Less WiFi for more private use
During my student years I spent a lot of time in a student residence, with a very rough free WiFi and poorly secured connections from all sides … The paradise of a young Geek looking for internet not too expensive !
At the time, I found a completely open connection to which I could connect to enjoy a much more comfortable connection than the free connection to the residence. In looking for its source I realized that it was a neighbor two floors higher that emitted the signal.
All this to make you understand that a powerful router is cool, but still need to know how to use it properly.
If you live in a student residence with walls as thin as those I had, the WiFi signal will have no trouble crossing them to spread to several meters around you. It can also happen in an apartment and even in a house if you are close to your neighbors!
To avoid this problem there are not 36 solutions: we will clamp our router! In the settings of the majority of recent routers, it is possible to find a setting for the power of the emission of WiFi. To show the advanced performance of their routers, the constructors always set this value up, but this is not necessarily the best choice.
A conclusion that can change everything
Good practices are certainly obstacles to piracy or certainly useful safety barriers. But common sense and mistrust will always prevail over the tools or technical measures you use.
Last important note, some points may also make the network more difficult to use when you have guests wishing to connect to your network. This is the classic problem between security and ergonomics. It’s up to you to make the right choice.
I hope this article will have helped you find the missing security features or tuning on your router to navigate with peace of mind. You can also see the excellent comments below for more details on certain points.
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Recent Posts: TechnoBlogy