9 Risky Things You Must Never Do on Your Router
There are many different router settings and options available once you open the hood. In order to keep your Wi-Fi router and home network as secure as possible, here is a crash course on what to avoid doing.
The Security of Routers
We recognize that there are some circumstances where you may have a very good reason to do one of the things listed below, but first, let’s get into the risky things we advise against doing with your router.
By all means, go ahead and do it if you know what you’re getting into and you have a reason for doing it. Just proceed with the necessary caution. However, for the majority of users, disabling features they don’t require and letting the router handle everything else automatically is almost always the best security option with the least amount of risk.
Turning off automatic updates
You probably keep very close tabs on your network firmware and manage your updates if you work as a network administrator or practice being one at home (possibly experimenting with small business network equipment like Ubiquiti hardware). This will help you avoid bugs, uptime problems, and other issues. When you’re that involved with your network, you may choose to forego auto-updates in order to manually inspect each firmware update.
However, the majority of people are better off letting their router handle the updates automatically to ensure that vulnerabilities and bugs are patched as quickly as possible and don’t need to be so hands-on.
We strongly advise upgrading your router if it doesn’t support automatic updates or is so old that it can no longer receive them. A new Wi-Fi router will feature automatic updates in addition to other enhancements like enhanced Wi-Fi security and expanded Wi-Fi range.
Hosting an Open Wi-Fi Network
In relation to Wi-Fi security, running an open Wi-Fi network to avoid entering passwords is tempting but is a security nightmare.
Anybody nearby who can connect to your Wi-Fi network is free to use it however they please, including carrying out unauthorized acts or roving around your network looking for access to your devices.
Your Wi-Fi router should have a strong password. We’d even go so far as to advise you to use your own Wi-Fi password instead of the router’s default one if your router has one.
When you’re having trouble getting a service to function properly, it’s simple to become frustrated and open a variety of ports or even all the ports for a specific device on your network in an attempt to make the remote connection work.
Only the precise ports you require, such as a particular port for a locally hosted game server, should be opened. Your home network is more vulnerable to internet exposure as more ports are opened. Additionally, if you set port forward assignments with an excessively broad range, traffic may be forwarded to the incorrect devices, which may cause network issues.
Nowadays, port forwarding is rarely even necessary, so unless you have a specific requirement, it’s best to just let the router handle things without assigning ports for forwarding.
Putting Devices in the DMZ
Your router may have a setting that allows you to place a device in the “DMZ,” also known as the “demilitarized zone.” None of your router’s security features will be applied to that device, making it a no-man’s land. It’s the nuclear option for resolving a port forwarding issue because you’re pushing the device out of the safe area, to stick with the military metaphors.
You should never place a device in the DMZ unless you have a very specific fringe-use-case justification to do so. The DMZ should not contain your computer or any other equipment that stores personal data, such as a NAS.
Enabling Remote Administration
By default, only users on the local network can access the administration panel of your router, regardless of its name—”Remote Administration,” “Remote Access,” or “Remote Management.” If you are not connected to the router via an Ethernet cable or a local Wi-Fi network, you cannot access it.
Anyone connecting to your external public IP address will be able to access your router’s login if you enable remote access. They now have the chance to tinker around with your router, testing out password lists, default passwords, and other techniques.
It’s best to just leave remote access off since the majority of people don’t need to access their router’s administration panel when they aren’t at home. If you do turn it on, use a secure password and make sure your router’s firmware is always up to date to guard against vulnerabilities.
Using a Weak Administrator Password
The administrator password for your router may go unnoticed, but it’s a crucial one. Your email password or bank password might draw more attention and seem more important, but if you use a default or weak router password, it’s simple for someone to modify the settings.
Like everything else, your router requires a lengthy, secure password. You can use these instructions to access your router and set a new password if you don’t know the current password for it.
Leaving Universal Plug and Play (UPnP) On
A collection of networking protocols known as Universal Plug and Play (UPnP) enables devices on your network to automatically find and communicate with one another.
That is really excellent in theory. Since UPnP has long been plagued by security problems in practice, we (along with the FBI) advise disabling UPnP features on your router.
Leaving Wi-Fi Protected Setup (WPS) On
Wi-Fi Protected Setup (WPS), which was introduced in 2006, enables you to press a small button on your router and a smaller button on your device, and the router and device will automatically negotiate a connection without any additional setup from you.
It sounds like a great idea and should make everyone’s life easier, similar to UPnP. In reality, it turned out to have security flaws, just like UPnP. We advise you to disable WPS. Yes, the push-to-setup feature can save you time, but it’s simply not worth the cost given how little time you actually spend adding new devices to your network.
Keeping Unused Features Active
We titled this section “keeping unused features active,” but considering the general concept, it could just as easily be called “turning on features you don’t need.”
Although we cannot cover every router setting, it is recommended to leave features turned off if they are not in use. If your router has a file and print server, disable it when not in use. Turn off any built-in VPN clients that you are not using. By stopping services on a router that isn’t in use, you reduce the number of potential zero-day exploits and vulnerabilities that your router exposes.
The same is true when it comes to activating components or tinkering with advanced functions. We strongly encourage users to experiment with their hardware, but if you’re not interested in understanding complex firewall rules and syntax, you should skip that part.
It is crucial to take appropriate measures to ensure the security and stability of your home or office network. Neglecting the safety of your router can have serious consequences such as cyber-attacks, identity theft, or data loss. By avoiding these dangerous actions as mentioned in the article, you can protect yourself and your valuable information from potential harm. Always make sure to keep your router’s software up to date, choose strong and unique passwords, and be cautious of unsolicited emails and links. By following these guidelines, you can ensure a safe and secure online experience for yourself and others who use your network.