Heimdal
article featured image

Contents:

The only measure most people use to protect their home wireless network nowadays is to set up a password and prevent neighbors and other people from taking control of your data. But we have to be more serious about home network security and do more than just setting a simple password.

Installing a virtual private network (VPN) solution is a great security add-on for the home devices you use most often. Creating a private network from a public connection, allows you to browse the Internet safely and maintain your data privacy. In this way, malicious actors will have a very hard time tracking you down online.

Securing the home network has two main components. The first one is router security, whose foundation is investing in a high-quality next-generation device that comes with inbuilt security controls. This will allow you to set up a firewall, VPN, parental controls, and even DNS filtering from the router itself.

The second component to keep in mind is securing the devices that connect to the network via the router. This includes both wireless and cable links.

In this article, you will learn how you can better protect your network connection and decrease the chances of getting your valuable data compromised. Use these steps below to enhance the security of your home wireless network.

How to Secure Your Wi-Fi Router

Step 1. Update the router firmware to the latest available

The software is an essential part of your wireless network security. The wireless router’s firmware, like any other software, contains flaws that can become major vulnerabilities and be ruthlessly exploited by hackers.

Unfortunately, many wireless routers don’t come with the option to auto-update their software, so you have to go through the hassle of doing this manually. And even for those Wi-Fi networks that can auto-update, it still requires you to switch on this setting.

But, we remind you about the importance of software patching and how neglecting to do this can leave open doors for cybercriminals to exploit various vulnerabilities.  Read what security experts have to say about updating your software and why it is key to online security.

Step 2. Change your router administrator login

To set up your wireless router, you usually need to access an online platform or site, where you can make several changes to your network settings. You can usually access this by entering your router’s IP address into your web browser.

If you have a new router, you can find its IP address listed on the manufacturer’s website or in the product manual you were provided with upon purchase. However, if your device is rather old, you can still discover its IP by following this handy guide.

These basic steps will teach you how to easily connect to your home network as an admin. Usually, the address bar type looks like http://192.168.1.1 or http://192.168.0.1.

Most Wi-fi routers come with default credentials such as “admin” and “password” which are easy for malicious hackers to break into. Therefore, you need to access the router’s settings and change them to unique credentials that cannot be guessed so easily.

My recommendation is to create a username that isn’t personal to you in any way and pair it with a strong password that contains both uppercase and lowercase letters, as well as alphanumeric characters.

Step 3. Change the default Wi-Fi network name

If you want better wireless network security, the first thing you should do is to change the name of your Wi-Fi network, also known as the SSID (Service Set Identifier). While giving your Wi-Fi a somewhat provocative name such as “Can’t hack this” may backfire at times, other names such as “this is not a Wi-Fi” or “too fly for a Wi-Fi” are perfectly acceptable.

Changing your Wi-Fi’s default name makes it harder for malicious attackers to know what type of router you have. If a cybercriminal knows the manufacturer name of your router, they will know what vulnerabilities that model has and then try to exploit them. We strongly advise not to call your home network something like “John’s Wi-Fi”.

You don’t want them to know at first glance which wireless network is yours when there are probably three or four other neighboring Wi-Fis. Also, remember that disclosing too much personal information on a wireless network name may expose you to an identity theft operation. Here’s a step-by-step and simple guide that explains how you can easily change the name of your wireless network.

Step 4. Set a strong Wi-Fi Password and activate the highest encryption possible

You probably know that every wireless router comes pre-set with a default username and password, which is needed in the first place to install and connect your router. The worst part: it’s easy for hackers to guess it, especially if they know the manufacturer.

So, make sure you change them both immediately. A good wireless password should be at least 20 characters long and include numbers, letters, and various symbols. And, most importantly, don’t use the same password as the router admin one.

As for encryption, wireless networks come with multiple encryption languages, such as WEP, WPA, WPA2, and WPA3. To better understand this terminology, WPA2 stands for Wi-Fi Protected Access 2 and is both a security protocol and a current standard in the industry (WPA2 networks are almost everywhere) and encrypts traffic on Wi-Fi networks.

It also replaces the older and less secure WEP (Wired Equivalent Privacy) and is an upgrade to the original WPA (Wi-Fi Protected Access) technology. Since 2006, all Wi-Fi-certified products should use WPA2 security.

WPA2 AES is also a standard security system now, so all wireless networks are compatible with it. If you want to enable WPA2 encryption on your Wireless router, use these six steps. If you are using a TP-Link wireless router, here’s how to secure your wireless network.

The good news is that the WPA3 is already here and is gradually replacing WPA2. In 2018, the Wi-Fi Alliance announced its next-generation wireless network security standard which aims to solve a common security issue: open Wi-Fi networks. More than that, it comes with security enhancements and includes a suite of features to simplify Wi-fi security configuration for users and service providers.

Step 5. Use a guest network Wi-Fi for visitors

Keeping your main Wi-Fi connection private and accessible only to permanent residents of the house is a good way to stave off cyberattacks. Don’t give your credentials to anyone, be them neighbors or close friends. You never know with whom and under what circumstances they share your login details.

And even if they don’t do that, they might still connect to your network with an infected device when they visit. This can and probably will infect all your connected devices. Having a separate network limits the risk of the threat spreading to every single machine linked to your Wi-Fi.

When setting up your visitor network, make sure to create a different password than you have on your main Wi-Fi, for obvious reasons. After all, you don’t want to go through all this trouble of having a secondary connection, just to have it all be in vain because its credentials were the same as for your primary one.

Step 6. Set a different Wi-Fi network for your IoT devices

While we’re on the topic of setting up separate Wi-Fi connections, it’s a good idea to do the same for your IoT devices. Why? Because most IoT devices have very poor security and can easily be compromised. This will result in the infection spreading to all the devices in that network.

Having a separate connection is a simple way to solve this issue. Again, remember to set a different password for this network so that hackers can’t infer what your main Wi-Fi password is by having access to this one.

Before creating a separate Wi-Fi network, keep in mind that many IoT devices can connect only to 2.4GHz networks. This means that you might need to set up a different Wi-Fi for them, in case you were wondering why you can’t connect your smart vacuum cleaner to your main 5GHz network.

Step 7. Disable WPS (Wi-Fi Protected Setup)

The WPS feature on your router has been designed to facilitate adding new devices to the network for people that aren’t particularly tech-savvy. It achieves this by reducing the entire process to the push of a button or the entry of a PIN code.

And while Wi-Fi Protected Setup does indeed make connecting to the Internet a lot easier for people that don’t know a lot about it, it is also very unsafe. Leaving it enabled means that hackers could potentially obtain your login credentials in a matter of hours. Therefore, I strongly advise disabling it on your home network.

To do so, open your router’s online platform and go to the Wireless tab in Advanced Settings. There, you should find the WPS menu. Select or toggle ‘Disable’, then reboot your router and you’re done.

Step 8. Hide your Wi-Fi Network Name (SSID broadcast)

Hiding your connection’s name is another way to enhance your home network security. This is another operation you can perform on the router’s online settings platforms. Access it as described in the sections above, then go to the Wi-Fi > Wi-Fi Security Settings tab in the Advanced Settings menu. Click the SSID and check the Hide Wi-Fi box. Don’t forget to save your changes.

The network will now appear as Hidden Network and you’ll have to manually type its name to connect. If you don’t know the network name, you can’t connect. There are ways to uncover a hidden SSID name, but this is still a good practice to secure your Wi-Fi even more.

Step 9. Change the default router admin IP address

Changing the default IP address to a less common one is another thing you should consider doing to better secure your home network and make it more difficult for hackers to track it. To change the IP address of a router, you should follow these steps:

Log into your router’s console as an administrator. Once you are there, insert the username and password on the login page. Then select Network > LAN which is in the menu on the left side. Change the IP address to preference, then click Save.

Note: After you’ve changed the IP address, you’ll need to type the new IP address into the web browser bar. You can also change the DNS server that your Wireless router is using to filter the Internet traffic and this guide will show how to do it.

Step 10. Enable MAC address filtering

To further limit what devices can connect to your Wi-Fi network, I recommend enabling the MAC address filtering option. Access your router’s web interface and look for the option. It might be listed as either MAC Filter, Network Filter, Access Control, Network Access, or something like that. You will find it under either the Security, the Wireless, or the Advanced menu.

By enabling it, only specified MAC addresses will be able to access the network. Optionally, you can also do an IP and MAC binding, a process known as ARP Binding. By doing this, you are assigning a unique IP for each MAC address, so the device will connect using the same IP every time.

Step 11. Disable remote admin access

Most routers allow you to access their interface only from a connected device. However, some of them allow access even from remote systems. Once you turned off the remote access, malicious actors won’t be able to access your router’s privacy settings from a device not connected to your wireless network. To make this change, access the web interface and search for Remote Access or Remote Administration.

Step 12. Limit the local admin access to your router

Limiting local admin access to your router is another step towards monitoring your home network security. This is done by manually assigning the MAC addresses of the white-labeled devices from the router’s web interface. For example, you can give admin access to only 2 devices, your main PC and your smartphone. This will prevent anyone else but you from having this level of entry into your network.

Step 13. Activate the additional security features of your router

Next-generation routers come with inbuilt basic security features, as well as more advanced ones. If your device allows it, my recommendation is to activate all of them to further enhance your home network security.

In terms of basic security features, there are three main ones you will encounter in the dedicated tab of your router’s web interface.

  • Stateful Packet Inspection (SPI) Firewall, which monitors your sessions and validates all the traffic passing through the network. This feature is enabled as a factory default, so keep it that way if you want to prevent a cyberattack.
  • Virtual Private Network (VPN), which must be enabled if you want to allow VPN tunnels that use corresponding protocols to pass through your home network.
  • Application Layer Gateway (ALG), which should always be activated because it allows you to customize which application control data protocols pass through your network through Network Address Translation (NAT) filters.

After these three defensive layers are enabled, you should also have a look at the Advanced section of your device’s security settings. These will protect your router from falling victim to traffic flooding attacks.

Some websites also mention disabling DHCP functionality on the router but I strongly advise keeping it enabled. If disabled, you’ll have to manually assign an IP for each connected device from the device itself, not the router admin.

Turning off the router is another often mentioned advice that is obsolete in today’s digital landscape, as it defeats the whole purpose of IoT. When you leave the house, you will naturally want to be able to monitor your surveillance cameras or turn on the air conditioning and heating before you get home, and so on.

With so many connected devices in our homes, this can be a tedious task and, if not done properly, you’ll have IP conflicts and connectivity issues. Not to mention that for most IoT devices you can’t even manually assign the IP, which renders this method obsolete for today’s home networks.

None of these measures are bulletproof, but applying them is a good start towards increasing your home network security.  All of them can be bypassed by a knowledgeable person. Do your best not to become a direct target.

Enhance Protection for Each Device Connected to the Router

1. Use a strong antivirus solution

As I’ve mentioned in the introduction of this article, fortifying your Wi-Fi router is just one component of home network security. To further protect your household devices from hackers, you will need to enhance your protection on each one.

The most accessible starting point for this is by installing a strong antivirus solution. One of the most common cybersecurity solutions for home users out there, AV is designed to prevent, detect and block malicious code from entering computers. It achieves this by continuously scanning the files that make their way into your devices against a database of known viruses and other types of malware.

2. Patch your software

Unpatched software is one of the most common liabilities that hackers exploit to gain unlawful entry into your home network. To make sure malicious actors can’t take advantage of vulnerable applications, you will need to keep your devices up to date.

Unfortunately, this is something many people constantly overlook, as it can become quite disruptive and take up a large chunk of their time. Heimdal™ Threat Prevention Home can help you make the process a whole lot easier and mitigate this risk in your household.

Heimdal™ Threat Prevention Home makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Heimdal™ Threat Prevention Home anti malware and ransomware protection
Heimdal™ Threat Prevention Home provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Try it FREE

30-day Free Trial

Threat Prevention Home installs both security and feature patches as soon as they are released by their respective developers. It does so with minimal interruptions and without the need for reboots, effectively closing 85% of the gaps in your device’s security.

3. Install a VPN solution

Installing a virtual private network (VPN) solution is a great security add-on for the home devices you use most often. By creating a private network from a public connection, it allows you to browse the Internet safely and maintain your data privacy. In this way, malicious actors will have a very hard time tracking you down online.

As I mentioned in the previous segment of the article, some routers allow you to enable the VPN to run directly on them. If yours comes with this feature, that means that you have a fast and easy way to secure every single device that connects to your home network. Still, some routers do not support this feature.

One solution to run a VPN on a router that doesn’t support this feature built into it is DD-WRT, an open-source firmware that adds extra features to your device. It does this by acting as an admin platform where the router’s firmware is rewritten to include more benefits.

This is something to remember as it means you will lose your warranty if the device is new. Plus, it’s not compatible with every single make and model out there, but you can find a full list on the website.

Ideally, you should run the VPN on both your most widely used devices and the router. In this way, you will not only achieve home network security, but also make sure that your laptop or smartphone are protected when you connect from outside the house.

4. Don’t forget about DNS traffic filtering

Another way to achieve advance home network security for connected devices is through DNS filtering. Through this process, you can easily block malicious websites, as well as screen for unsafe or inappropriate content.

Besides stopping cyber attackers in their tracks, this solution is also handy when setting up filters such as parental controls. Our Heimdal™ Threat Prevention Home can help you with this too.

5. Research IoT devices before buying them

Are you looking to add a new IoT device to your home network? To maintain an adequate level of security for your connection, make sure that you research it thoroughly beforehand. Getting a surveillance camera or a smart mop might sound simple, but these devices can come with a lot of vulnerabilities in their firmware.

Final Thoughts

Securing the home network should be a top priority for each of us interested in keeping the data safe and secure. These steps can be really useful even for the non-tech-savvy person to apply. Also, do not forget that your wireless network security can be sometimes weak, and prone to exploits.

This is why I’ve written this guide on how to secure your wireless network and the devices connected to it. By following the advice in it, you will enhance your home network security and prevent as many cyberattacks as possible. Of course, none of these methods are failsafe, but they are a worthwhile effort that will diminish threat risks in your household as much as possible.

Last edited by Alina Georgiana Petcu on August 2021.

Author Profile

Alina Georgiana Petcu

Product Marketing Manager

linkedin icon

Alina Georgiana Petcu is a Product Marketing Manager within Heimdal™ Security and her main interest lies in institutional cybersecurity. In her spare time, Alina is also an avid malware historian who loves nothing more than to untangle the intricate narratives behind the world's most infamous cyberattacks.

Comments

Hi!
Although this would make your network invisible to your neighbours, any determined hacker can still sniff out your SSID, right?

Encrypt your network. Encrypting scrambles the information sent through your network. That makes it harder for other people to see what you’re doing or get your personal information. You encrypt your network by simply updating your router settings to either WPA3 Personal or WPA2 Personal. WPA3 is the newer — and best — encryption available, but both will work to scramble your information. Older Router? No WPA3 or WPA2 options on your router? Older routers have WPA and WEP, which are outdated and not secure. If those are the only options listed, try updating your router software. Then check again to see if WPA2 or WPA3 are available. If they’re not, consider getting a new router to keep your information secure.

Which router have you used to show the examples in this post. I am looking for a good quality home router. Pls suggest.

We have a stalker that doesn’t letting us know he is spying constantly non stop since 2011 – he plants viruses in our router – the router scans our phones and he plants viruses and spies on our phones. Sometimes we even hear him on our phones. How can we stop this? yes he is been reported to the police but they are backwards useless not believing a word we say. Please Let us know if you are experiencing the same issues.

Has the stalker physical access to the router?
I would start with a brand new router.
If you don’t have many devices (<10), you can easily set the settings to manually add the device via Mac-Adress.
Also set a strong Wifi Password and admin password for the router (min 20 characters with mixed digits, upper case and special characters). Turn your wifi off on your phone when not required.

You should also reset the firmware of all devices you use, because if the stalker planted a worm, it may spread again by itself.

These are just first aid steps. Without proper prosecution from the law and having not more information it's difficult to give further specific instructions.

I have the same in my home. It’s a female. She is not going to stop untill she destroys me. I too received nothing from the law. Like I’m the crazy one.
If you have any solutions please please let me know.

If we using a wireless router at home, the first necessary thing is to keep the connection secure enough. In my point of view, we should change our default password immediately and set a strong password.

Hi,
I want to ask if keeping a strong password makes my wifi-router safe from malicious attacks?

Thanks for very informative and useful advice!
It seems to me that keeping your computer offline as much as possible might also be a good and simple security strategy. I try to do this consistently, but often forget. I have therefore looked for advice on how to get my PC to turn its WiFi connection off automatically when I haven’t been using the connection actively for some time – but I’ve had no luck. Do you have any ideas?

It’s interesting to know that if you want to better secure your home network, the first thing you should do is to change the name of your Wi-Fi network. My brother is thinking about improving his home network security, and we are looking for advice. I will let him know about your recommendations to see if it helps with his home network problems.

I’m gratified with the way that heimdalsecurity.com deals with this type of subject! Usually to the point, sometimes polemic, without fail well-written and more often than not quite challenging.

My friend and I have accessed this article for a college CIS essay project, and we are required to cite our sources. I’d love to give credit to the right person, so who will I be crediting in my bibliography?

Hi Nour, We’re glad to hear you found our resource informative and would like to mention it in your essay. You can list Ioana Rijnetu as the author. Thank you and have a great day ahead!

Really good informative article. We so wish we had seen this earlier – like many people we did not realise how fixated and dangerous our neighbours are; they hacked into our router and devices and caused carnage, committing criminal acts on our IP. How to catch them red-handed would be a really good follow-up. We have extensive evidence of their cyber crime – where can we publish this?

I was so overwhelmed after I read this great article. It is very helpful when we talk about are home connection. I wanna use this home security connection on my wifi router with this IP 19216811.me. It’s for family use only but there is no security that I use. So thanks for sharing this!

I have a question….if I want to maximize security would I enable or disable WPS?

Thanks for sharing nice article, I have searching for TP-Link Archer C5400X wireless connectivity solution and find your article and there is almost every point you cover..

Noted! Thanks Ioana! Will go with the hideen one lol

Thanks for pointing out that the router username and password should be changed immediately upon installation because it can be easy for hackers to guess. I will keep this in mind since we will be having one installed this weekend once we have hired a reputable company to work for us. We just don’t want other people connecting because we will be paying for it, and we only have a limited budget every month due to being minimum wage earners.

Victoria Diggles on June 9, 2018 at 12:12 pm

I’m going to change my password on the router)

Darrel Heidenreich on July 13, 2018 at 10:14 am

Victoria, admin/admin – ?)

Thanks for that password tip. I have always just used something simple, like my dog’s name. But, since you mentioned using something a little more security oriented, maybe I should use something more complicated. Thanks for the tips!

Thanks for this post.

I recently had an issue of discovering my next door neighbor had been using our WiFi router in a property we just moved into, apparently the old owner had a deal with him and shared access details.

Is there any risk of our data being taken by this guy? I replaced the router and completely changed all router details as part of this to stop it. Is there anything else I could do?

Hi, Max! If you don’t want to share your Wifi router with others, yes, this would be a good idea to change its settings. Also, make sure you set a strong and unique password to enhance security. Make sure to apply all the steps described in our article.

I suggest checking out GEARS by OPSWAT. It’ll give you a quick security assessment as well as some other free features.

My wife and I just moved into a new home, so we are getting ready to set up the internet here. I like your point about choosing a location in the middle of your house for the wireless router. We’ll be sure to do this so that we get even coverage throughout the whole house.

Well in my professional Experience as a networking consultant, most people dont even bother changing the default password and enabling encryption, and these are the basics, if you don’t cover the bases, security is blown.
Thank you for the write up.

Thank you so much for your feedback, Albert! Happy to know this article was useful.

Hello and many thank you for your feedback! Happy to know it was useful.

Another good idea is to turn off WPS functionality on your router. Just in case someone tries to guess the PIN number using bruteforce.

Hello and thank you for your suggestion, Bruno. Indeed, that’s a good idea to better secure your network. We’ll add this in our article and update it. Have a great day ahead!

Thanks for the tip that a wireless password should be at least 20 characters long. I would like to get some new wireless internet in my home and I want to make sure that I have enough security for the connection. Perhaps I’ll go ahead and look at enabling network encryption when I get my internet fixed up.

This article got me interested in securing my router at the house. I then found that their is a genre for router security were I found a few things that were not covered on this list such as changing your Default IP Address to a less common one to make it harder to track and applying a DNS server such as Open DNS to filter content on the internet. I have done both these things and found them to be helpful.

Insightful article. We need to understand that most home networks are prone to attacks and it is crucial to keep them in check. This article can act as a guide to ensure the security of home wireless security. Thanks a lot!

Another tip – disable PIN access – Reaver may still work on some routers.
And while Access Control Lists are a good idea, it’s also trivial to spoof a mac address, as we know 🙁
Goede werk vrienden !

This article is the best solution I have read where any non tech savvy person can follow the instructions! To further increase my wi-fi security I installed a 16 port switch and connect ethernet to all my devices (6 PC’s and 2 voip services} and only use wi-fi for my phone. I have tried to hook up ethernet to it with no success.
To anyone reading these replies I highly recommend Heimdal PC security software. I mention Heimdal to any Enterprise and home users who ask or even do not ask for advice. I have used it personally and I am not connected or affiliated with Heimdal. I also suggest users subscribe to the Heimdal Facebook page and to their newsletter for up to date information on cybersecurity-Earl Wallace

Would you like to consider changing the default IP addressing on the wireless router, and make use of static addressing rather than DHCP ?

Thanks for the suggestion! We’re going to update this guide soon, so keep an eye on it for improvements.

hi there,

This could be usefull:
i quote from my modem:

To prevent unknown PCs from connecting to the RG via Wifi, please select the mode ‘Enable MAC ACL’, and in the mean time fill in the legible PCs’ MAC addresses in the access list.

It could be a help.
Greatings from the Netherlands

Thanks for the tip, Bernd! We’ll try to incorporate this piece of advice when we’ll update the article with new information.

Doing this is good. But if a hacker can compromise one of the devices, the hacker will be exposed to “ALL” of your devices. Access control lists are great, but can be a disadvantage too. You can check online as there is a debate over this one.

Good luck,
Karl

Hi!
Although this would make your network invisible to your neighbours, any determined hacker can still sniff out your SSID, right?; and you are implicitly forcing your computer to shout out your SSID anywhere you are, while it is trying to connect to it. Anyone could then impersonate your router with that SSID, and get your credentials that way.
Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo