I will be giving a presentation on Defensive Computing at the HOPE conference
in New York City in July 2022.
The talk is based on my
Defensive Computing Checklist
website. The conference runs from July 22nd through the 24th, I am scheduled
for the 23rd at 1PM ET. Attending in person costs $200
for all three days.
You can also stream the entire conference live for $99
More about the talk here
Frankly, I think the security advice offered on this site is as good as you're going to find anywhere. If nothing else, the configuration suggestions offered on this site are far more comprehensive than any one article. Still, for other perspectives, some articles on Router Security are listed below. Many stink. Even more are pretty basic, roughly equivalent to the short list on the home page. A few are good (look for bold text). I don't link to the ones that are not worth reading, but do provide the URL in plain text.
- The Networking section of security-list.js.org covers how to connect devices to the Internet securely, including configuring your router and setting up a VPN. Undated.
- Dust off your home WiFi router: It needs some upkeep to stay secure by Tatum Hunter in the Washington Post. March 23, 2022. Mostly, this is what you would expect from an Economics major writing for a newspaper. That is, from someone with no real understanding of the technology and who just interviews people that claim to be experts. Ugh. One interesting point: bad guys put fake error messages on smart TVs, urging victims to call a phony customer service number.
- Recommended settings for Wi-Fi routers and access points from Apple. Its fine. Published January 6, 2022 - a day that will live in infamy.
- 3 things you should do first when setting up a new Wi-Fi router by Paul Wagenseil Dec 22, 2021. Shorter than my short list, but all good advice.
- How to Tell When It's Time to Replace Your Router by Nicholas De Leon for Consumer Reports. April 30, 2021
If you own your router, there is no clear-cut way to decide when to replace it. That's the article in a nutshell. The advice about how to find out if a router is still getting bug fixes is wrong. The advice about speed tests is also wrong. The most useful information in the article are the links to Asus, D-Link, Netgear, Synology and TP-Link web pages that show which devices are no longer being updated.
- On June 10, 2020, Brian Westover of Toms Guide wrote about the Best Wi-Fi routers for 2020. The article said "... the best security-focused router is the Netgear Nighthawk AC2300 (RS400), which comes with three years of easy-to-manage protection from Bitdefender Total Security software". Nine days later, Toms Guide, along with others, writes about 79 Netgear routers that are vulnerable to assorted flaws that were first disclosed to Netgear six months ago. Among the buggy routers, the Netgear Nighthawk AC2300 (RS400). So much for "security-focused".
- What You Need to Know About Remote Work: Hardening Your Home Router by Acronis. The article has no date and no author which makes it very suspect even before reading a word. I think it was published June 1, 2020. Mostly basic stuff. The only unusual suggestion is a good one about reducing transmit power to keep the signal away from neighbors. The Bad neighbors page here has more on this. Minor mistake: it assumes that every router lets you change the userid for logging into the router. The explanation of WPS is poor. It suggests changing the router password at least once a month. It says that not broadcasting the SSID is a great security feature. Eh. The biggest mistake is suggesting that VPN client software in the router "...is a good solution to the problems raised by wireless packet sniffers." This is not true.
- Yes, Your Wi-Fi Router Can Be Hacked. Here's How to Secure It by Ethen Kim Lieser in National Interest (April 24, 2020). Not much here. One bad thing is that it mentions having a strong password as if the author is not aware that WiFi and the router use different passwords.
- Security Hygiene for Remote Workers: Part 2 by Derek Burke of Cubro. April 15, 2020
- Securing your home network in preparation for Working From Home by Scott Helme (March 19, 2020). Covers very few topics. Mostly focused on Ubiquiti UniFi hardware which apparently is limited to only two Wi-Fi networks. Article argues for having two LAN side networks. In my opinion, people are very likely to need more than that. Author assumes that all firmware updates are good which is clearly not the case.
- How Secure Is Your Home Wi-Fi? by Dave Johnson March 3, 2020
Not to tout my own horn, but at this point how can anyone write about router security and not mention this website. It has been around for years, has a very high ranking in the Google search engine and, frankly, offers great advice. Seems like reporter malpractice. On top of that the article stinks. It leaves out many steps on the short list on the home page of this site. It reads a like a press release with quotes from many different experts.
- How to secure your router and home network
by Lucian Constantin in CSO. November 18, 2019. Excellent article. A bit techie and short on details, but covers a lot of ground.
- Protect Your Home Network and Set Up a Guest Network by Shannon Morse No date. Very elementary. Nothing about UPnP. Nothing about how long a Wi-Fi password should be. Suggests using Shields Up!, which is fine, but a perfect score there does not mean that all WAN side ports are closed. Far from it.
- 7 Steps to a Secure Router by Leo Notenboom. First written in 2009, updated May 2016, updated again April 2019. Standard stuff, except for the point about physical security. Debunks MAC address filtering and SSID broadcasts, always a good sign in an article. Big omissions: Guest networks and that some routers can self-update.
- How to Set up a Secure Home Network by David Balaban in Medium Feb. 3, 2019. Lame article. Change SSIDs and router password. Use WPA2-AES and Guest networks. Disable WPS, UPnP and remote admin. Author seems to not really understand WPS or be aware of WPA2 Enterprise. Also confuses local router access with remote access. And, is not aware that every router has a firewall or that some routers can self-update or that not every Guest SSID can expire after x hours. Good suggestions: use only the 5GHz band, if possible, to limit signal leakage and turn off Wi-Fi when away from home. I gave up after reading that routers have "a hard time deciphering outgoing traffic." Ugh.
- New Year’s resolutions: Routing done right by Tomáš Foltýn of ESET. January 17, 2019. A perfectly fine article. Starts with a list of the damage a hacked router can cause.
- Google loves this article: How to Boost Your Router Security by Tercius Bufete for Consumer Reports (Last updated: June 29, 2018). When you search for "router security" it is very close to, or at, the top. The article is a mixed bag.
Good: It suggests investigating if your router manufacturer can send security notices by email. When discussing firmware updates, it does mention that routers are abandoned and thus might never be updated. It says that passwords need to be strong and offers reasonable password advice. It suggests turning off features you are not using and throwing away any router that does not offer WPA2-AES encryption.
Bad: It does not say which router manufacturers do send security notices to their customers. For routers with a web interface, it omits the easy names offered by many vendors that can be used in place of an IP address. For example, Netgear uses www.routerlogin.com. A list of these names is here on the Introduction page. It says the danger with UPnP is that it helps devices on the LAN talk to each other. This is not the big security issue, opening WAN side ports is the real danger. The instructions for disabling UPnP will often be wrong as there is no standard. It says nothing about WPS. It says that anti-virus software can protect your router, which is not true. It fails to mention this site, which offers far more security suggestions.
- In How to secure your home Wi-Fi router against hackers (Last updated Aug 15, 2018) Dong Ngo says to buy a router from a reputable vendor that offers long-term support for their equipment. Great advice, not often given. But, sadly, useless as he does not suggest any good vendors. The point of the article is to do four important things to make a router secure. It implies that there are only four things to worry about which mis-leads non-techies. In discussing passwords it says nothing about the strength of the passwords.
- As a rule, Komando.com is not a good source of technical information. The article "5 router security settings to turn on before it's too late" by Francis Navarro October 6, 2018 has some mistakes. As expected, it says to use WPA2 but fails to mention the need for long passwords. The article assumes you own your own router while many, if not most people, have a router or gateway provided by their ISP. It says that a VPN makes you anonymous. It does not. These are classic mistakes in articles written by people that do not understand the technology. Finally, the article says to wait for WPA3 before buying a new router. This ignores some facts: it will be long time before clients support WPA3, the first release is likely to be buggy given the history of the WiFi Alliance and there is no real security problem with WPA2.
- "How to protect your Wi-Fi network from hackers" by Jerry Hildenbrand of Android Central August 20, 2018 is not worth reading. It says "With WPA2 being compromised, it's fairly easy to crunch enough numbers to crack a Wi-Fi password" which is not true. WPA2 has not been compromised and a long WPA2 Wi-Fi password is safe. The article suggests resetting a router just in case it had been hacked, but says nothing about gateway devices which probably should not be reset without checking with your ISP. As for passwords, the article says they must be random and cites SeaToShiningSea22$ as a bad password for not being random. I disagree. The discussion of port forwarding is miserable.
- New York University IT Security News and Alerts published an article in July 2018 called "Home WiFi Router Security: What You Should Know" The author is not identified, which is clearly an act of kindness. The author is a moron.
- How to Make Your Wifi Router as Secure as Possible by David Murphy for Lifehacker. July 18, 2018. The title is way over-stated, especially considering the examples use a TP-Link router. It says to use WPA2 with no mention of password length, a huge oversight. Has a good discussion of MAC address filtering. Points for suggesting scheduling Wi-Fi, promoting Guest networks and a good section on stuff to turn off. Comments show the author only has experience with consumer devices.
- Router security on trains - Hacking train passenger Wi-Fi by Ken Munro of Pen Test Partners May 8, 2018. A security professional offers advice to train companies. Not all of the advice is relevant to home users, but the basic concept of segregating devices onto networks with their own security profile is relevant to every router. Also, defining users/devices that are only allowed to see the Internet and not see anything else, is the basis of my VLAN page. It includes advice on physical security, an issue I have not covered much here, other than in regard to WPS.
- "Russians are targeting home routers. Here's how to protect yourself" by Francis Navarro of Komando.com May 6, 2018. The article offers too much faith that router firmware is actually updated, showing inexperience on the part of the author. It assumes that all routers have a web interface, which is not true. It says "To check your router's DNS settings, use an online tool like F-Secure Router" with F-Secure Router being a link that takes you to an article about generating strong passwords that has nothing to do with F-Secure or DNS. I list many DNS checking websites on the Test Your Router page. The article says nothing about Wi-Fi passwords, a huge omission. Finally, the suggestion to disable SMI shows that the author does not know the technology and was simply copying and pasting from the US government warning. The article is for non-techies and SMI is a Cisco only thing. Home users do not need to deal with SMI.
URL: https://www.komando.com/ happening-now/458786/ russians-are-targeting-home-routers-heres-how-to-protect-yourself
- "Russians hack home Internet connections - here's how to protect yourself" by Sandeep Nair Narayanan, Anupam Joshi and Sudip Mittal May 4, 2018. A miserable and trivial article, from authors that claim to be graduate students and faculty doing research in cybersecurity. Awful on many levels.
URL: https://theconversation.com/ russians-hack-home-internet-connections-heres-how-to-protect-yourself-95907
URL: https://www.salon.com/ 2018/05/05/russians-hack-home-internet-connections-heres-how-to-protect-yourself_partner/
URL: http://www.businessinsider.com/ protect-your-home-and-internet-from-russian-hackers-2018-5 May 12, 2018
- Hack-Proof Your Company's Wi-Fi by
Anita Campbell for inc.com February 26, 2018. Has some very good suggestions. Starts off with buying a secure business router. Author must
have read this site :-) Other good suggestions: physically lock up a router to prevent it from being reset and not allowing
wireless admin access. Mentions WPA2 Enterprise. But, some suggestions are mealy, and the advice on SSIDs is wrong.
- Secure your Wi-Fi against hackers in ten
steps by Davey Winder for IT PRO in the UK. Feb. 5, 2018. Research commissioned by Broadband Genie of British broadband users showed that 19% had accessed the Wi-Fi router configuration controls, 17% had changed the admin password from the default and 14% had updated their router firmware. Article confuses router password with with Wi-Fi password. States that the majority of routers can self-update. Maybe in England that's true. Good warning about firmware updates, that they may default the router back to original settings. Suggests changing DNS servers and sniffing out rogue devices on your network with Fing. Good discussion of MAC address filtering.
- How to Protect Your Home Router from Attacks
by Lucian Constantin in Motherboard January 3, 2018. An excellent article. Constantin knows his stuff and he consulted with other experts too. He also wrote a good article on router security for PC World in July 2016 (see below). That said, the article is a bit ambitious in that very few people can follow all the suggestions. But, it does steer readers in the right direction.
The same day this article was published, Cory Doctorow wrote a rebuttal to it in Boing Boing (You absolutely must secure your home router and you probably can't
) that started with: "Lucian Constantin's Motherboard guide to protecting your home router is full of excellent, nearly impossible-to-follow advice that you should follow, but probably won't. Constantin sensibly points out that your ability to trust your router ultimately and absolutely depends on its security track record ... but then goes on to obliquely point out that these are largely unanswerable questions."
When it comes to Peplink, the questions are indeed answerable and the answers are good.
- "Five ways to check if your router is configured securely" by Miguel Angel Mendoza for We Live Security by ESET. Jan. 23, 2018. Pretty bad. Has multiple plugs for ESET software.
URL: https://www.welivesecurity.com /2018/ 01/23/five-ways-router-configured-securely/
- Recommended settings for Wi-Fi routers and access points by Apple. Goal of the recommendations is "best performance, security, and reliability." Mostly standard stuff. Good SSID advice. Strangely ignores the latest ac flavor of WiFi for 5GHz. I disagree with the 5 GHz channel width recommendation, but that's a performance thing, not a security thing. Last updated Jan. 14, 2018
- Security White Paper: Router Operation Best Practice is vendor-neutral
advice from router vendor DrayTek. A 24 page PDF, the
longest writeup on the subject I have seen. Targeted more at businesses rather than home use. Suggests using VLANs and setting up a schedule to disable WiFi at times it won't be used. This is version 2. Originally the paper was called "The 27 things every router and WiFi user should know" and it was only 10 pages. The previous version was issued sometime in 2014.
- WiFi how and why: Setting up a new router securely by Rob Pegoraro in USA TODAY Dec. 27, 2017. Starts off assuming the router has a web interface. Some do not. Says to use a memorable SSID, but does not suggest avoiding personal info. For example, an SSID of "The Smith Family" is bad. Does not mention that self-updating routers exist. Suggests disabling WPS, but only mentions the WPS push button method.
- Basic Wi-Fi security: How to easily improve your home internet safety by Phil Nickinson at Android Central Dec. 27, 2017. The author uses a Netgear router. Nuff said. Article has way too much snark. Bad advice on Wi-Fi passwords: "It just needs to be a basic front-door lock is all." Says WEP is bad but says nothing about WPA. Considers passwords for Guest networks to be optional.
- "How to secure your home wireless network router" by Computer Hope last updated Dec. 20, 2017. Miserable article. A disgrace. Probably written 10 years ago. Recommends WPA, disabling SSID broadcast and MAC address filtering.
URL: https://www.computerhope.com /issues/ch001289.htm
- "How to Keep Your Home Wi-Fi Safe From Hackers" by David Nield December 11, 2017. Router Security as seen by an art history major. Very introductory. Big omissions: WPA2 password strength, self updating routers, mobile apps for administration. Mostly wrong about KRACK flaw. NAT explanation has two technical mistakes. Mozilla sponsored this article, shame on them.
- How to secure your router to prevent IoT threats by Cecilia Pastorino for We Live Security by ESET. October 26, 2017. Too vague and general to be of much practical use. Still, it does suggest network isolation, disabling services not used and doing more with firewalls.
- Router configuration - easy security and improvements at DecentSecurity.com. Eh. Author is anonymous. Copied my idea to tape the router password to the router. Assumes the router has a web interface, not all do. Not as comprehensive as the home page of this site. Endorses The WireCutter even though they don't consider security at all. Last revised Oct 2017.
- 5 Ways to Secure Wi-Fi Networks by Eric Geier for Network World Sept 18, 2017. Advice for businesses rather than home users. Good points about choosing an SSID. Covers physical security, WPA2 Enterprise and more.
- The Complete Guide to Improve Your Home WiFi Security by
Nick Congleton in Make Tech Easier July 22, 2017. Overplays importance of changing SSIDs. Does stress long Wi-Fi passwords. Only person in the world to suggest rotating your Wifi password. Says to disable the guest network but actually means to password protect it. Says that not every router has a built-in firewall, which is false. Says that a VPN you can help stop attacks from outside your immediate area. WTF? Whole VPN topic is wacky/wrong. Author un-aware of self-updating routers.
- Protecting Home Networks: Start by Securing the Router by Trend Micro May 18, 2017. Pretty good. Some of the usual stuff and some advice that may have been copied from here such as "Avoid routers that are included with internet plans" For Wi-Fi passwords, they suggest over 20 characters. New stuff: don't buy a used router, it may be infected with malware and a very good point, that website-based DNS server tests may not be reliable once a home router has been compromised.
- Securing Your Routers Against Mirai and Other Home Network Attacks by Trend Micro January 31, 2017. Very general, mostly a plug for their software that they put in some ASUS routers. A companion 30 page PDF: Securing Your Home Routers by Joey Costoya, Ryan Flores, Lion Gu, and Fernando Merces of Trend Micro.
- How to Setup a Secure Wireless Network Router on SafeGadget.com, no author given. Created Jan. 2013, last Updated Dec. 15, 2017. Notes that Ethernet is much more secure than wireless. Says that router vendors stop upgrading firmware after a year or two and then you then should buy a NEW router (one of many reasons to buy Peplink routers, they maintain firmware for a very long time). Recommends pfsense and the Ubiquiti EdgeRouter X. Endorses Steve Gibsons 3 dumb routers scheme. To turn off a router at night, suggests using an electrical power timer (Peplink offers scheduling). Suggests Wi-Fi passwords be at least 40 characters long. I think thats overkill. Says that the DHCP range should equal the number of devices you have. I disagree. Offers suggestions for configuring Guest Wi-Fi networks. Discusses third party router firmware.
- Asuswrt-Merlin vs DD-WRT by Dave Farquhar December 12, 2016. Seems to be a non-biased opinion from a qualified author. I have not used either, so I can't comment on the details.
- How to set up and optimize an Asus RT-AC66U by Dave Farquhar December 5, 2016. Worthwhile read. The article discusses Asus WRT-Merlin firmware by Eric Sauvageau. It is not as full featured as DD-WRT, retains the Asus user interface and fixes security vulnerabilities faster. Nice feature: the WPS button can be converted to a Wi-Fi on/off button. Also, router can be configured to re-boot daily in the middle of the night. The article also offers good advice on initial router setup. The author is the only one, other than myself, to recommend taping a piece of paper to the router. The router can create up to three guest networks on each frequency band. Great way to isolate IoT devices.
- Six Things You Need to Do Immediately After Plugging In Your New Router by Jason Fitzpatrick Dec. 1, 2016. Pretty good article, but fails to suggest plugging a new router into an existing one while doing initial setups.
- Secure your router: How to help prevent the next internet takedown by Lysa Myers of ESET November 8, 2016. Meh. Best part of this article is that disabling UPnP was second in the list.
- 12 Ways to Secure Your Wi-Fi Network by Eric Griffith for PC Magazine October 14, 2016. This article says to turn off Guest Wi-Fi networks which is as wrong as wrong gets. Plus, the author seems to be under the impression that all Guest networks have no password. How does this happen? How does stuff like this get published? The article assumes that every router has a default userid/password. This is no longer true. This is the only article I have seen that suggests periodically changing the SSID in case someone has the password. A Guest network would avoid the need for this. To update firmware, it is suggested to use the router. The author is unaware that this often does not work and the only way to be sure you have the latest firmware is to manually check the manufacturers website.
- "How Outdated Router Firmware Puts You at Risk" by Tercius Bufete August 2, 2016. Fire hot. Ice cold. Merely stating the obvious.
URL: http://www.consumerreports.org/ wireless-routers/outdated-router-firmware-poses-security-risk
- How to secure your router and home network by Lucian Constantin of IDG News Service July 8, 2016. Pretty long list, almost all of it good advice. A rare instance of someone who agrees with me to "Avoid using routers supplied by ISPs".
- Use guest networks to secure IoT "smart" devices by Dave Farquhar February 8, 2016. Worthwhile read. I agree completely on the concepts and the goals, but not on all the specific suggestions. Interesting note: DD-WRT can throttle the bandwidth of a guest network.
- Why hiding your SSID makes your security worse by Dave Farquhar January 6, 2016. Quoting: "When you hide your SSID, your devices have to beacon out looking for it. So they do, and they don't just beacon when you're at home. They beacon out at work, at the coffee shop, at the airport and hotel, and wherever else you take your phone, tablet, and/or laptop. An attacker can detect that beaconing, then stand up an access point with that SSID, wait for your device to join, and then they can capture and analyze your traffic. At that point they can even get into your SSL/TLS sessions."
- Security Tip (ST15-002) Securing Your Home Network from US Cert. December 2015. No one was willing to put their name to this. While the advice is technically correct, it will also prove useless to the very people that need it. And, its poorly written. For example, the first suggestionis to "Change the default username and password" as if there were only one default. Its not clear if they are talking about the router password or the WiFi passwords. It also assumes routers create a single Wi-Fi network and it advises to "make the SSID unique" without saying either how or why. And it says nothing about Guest networks.
- Home networking explained, part 6: Keep your network secure by Dong Ngo for CNET December 22, 2015. Not good. Suggests Wi-Fi passwords should be easy to remember and type, even on a smartphone. I disagree. Says Wi-Fi passwords should be at least eight characters long. I disagree, they should be longer. Suggests changing routers IP address. Good. But, then says that it can be changed to almost anything you want. At this point, it seems Ngo is not qualified to write on the subject. Suggested router IP addresses include 18.104.22.168 and 22.214.171.124. Not good. On the upside he does suggest disabling UPnP and enabling security for powerline adapters.
- Securing Your Wireless Network from the FTC. September 2015. Awful, bordering on malpractice.
- June 13, 2015: On his Tech Guy radio show, Leo Laporte was asked to recommend a secure router by someone willing to spend up to $500.
He had no answer. When he referred to "Bad USB", he meant to say NetUSB. He was also wrong in that NetUSB is a flaw on the LAN side
of the router, not the WAN side. Andy, he thinks that open source router firmware is more secure, something that a real expert, Craig Young of Tripwire
said is not true. If that's the state of what a Tech Guy knows about routers, this site is really needed.
- Home router security 2015 - 9 settings that will keep the bad guys out by John E Dunn of Techworld April 23, 2015. An interview with Tripwire researcher Craig Young, an expert on the subject. Excellent discussion of the topics raised. Young's opinion on third party firmware such as DD-WRT is a must read.
- Secure your wireless router by Kevin Dearing at Ghacks.net. March 24, 2015. This article is more comprehensive than most on the subject although it falls down on WPA2.
- Build the best, most secure wifi in your neighborhood by Dave Farquhar March 24, 2015. Good article, with some attitude to boot. With the recent advent of mesh routers the advice about extending the reach of a Wi-Fi network is a bit dated, but the security advice has aged well.
This used to be on the Resources page, but that page was getting too big.
Page Created: January 1, 2018
Last Updated: June 21, 2022 10PM CT
Viewed 22,185 times
(14/day over 1,642 days)
Copyright 2015 - 2022