We are a very mobile society and love our Wi-Fi connections, especially those we don't have to pay for. Security analyst Graham Cluley has some recommendations for protecting your router and home network, although the suggestions are appropriate for business networks too.
- Don't use a router supplied by your ISP: These devices are often less secure than commercially available routers. For instance, many of them enable remote support via the use of hardcoded credentials that are impossible to change. Depending on the vendor, they also might not receive patches on a regular basis.
- Change the default admin login credentials: Mirai and botnets like it work by scanning IoT products for default login credentials. If they find what they're looking for, the malware logs in and enlists the devices into their botnet. Don't let this happen! Set a unique username with a strong password. It's that simple.
- Choose a strong Wi-Fi password: Why stop there? When you set up your Wi-Fi network, make sure you set a strong password to deter remote attackers. It would be a good idea to couple that password with the use of WPA2 as your router's security protocol.
- Update your router's firmware on a regular basis: Once the credentials for your router and network are set, make sure you register your product so that you can receive firmware updates whenever they're released. You can and should implement those security fixes from the router's web interface.
- Be careful when logging into the router's web interface: Whenever you access the router from the web, make sure you do so in private mode so that the browser doesn't save any cookies. Also, make sure the browser doesn't save your router's username and password. You don't want those bits of information inadvertently falling into the wrong hands should someone obtain access to your computer!
- Don't enable services you don't need: Telnet, SSH, UPnP... few people need those services, but plenty activate them anyway. Don't be one of those people! There's no reason to expose yourself to additional risk if you have no use for those services.

In item #3, I would also suggest that WPA2 encryption be a required configuration for your Wi-Fi and not an option. Graham has a lot of good suggestions here and promises to post more advanced recommendations in a future post.
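
To act on the "Don't enable services you don't need" item, here is an added example (not from Graham Cluley's article) that checks from inside your own network whether your router answers on Telnet, SSH or UPnP discovery. The address 192.168.1.1 is an assumed gateway address; substitute your router's LAN IP.

```python
import socket

# Services named in the list above, with their conventional ports.
TCP_SERVICES = {"telnet": 23, "ssh": 22}
SSDP_PORT = 1900  # UPnP discovery (SSDP) runs over UDP


def tcp_open(host, port, timeout=1.0):
    """Return True if host accepts a TCP connection on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def ssdp_answers(host, port=SSDP_PORT, timeout=1.0):
    """Send one unicast SSDP M-SEARCH; True if a UPnP device replies."""
    probe = (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {host}:{port}\r\n"
        'MAN: "ssdp:discover"\r\n'
        "MX: 1\r\n"
        "ST: upnp:rootdevice\r\n\r\n"
    ).encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(probe, (host, port))
            data, _ = s.recvfrom(2048)
        except OSError:  # timed out, or the port is closed
            return False
        return data.startswith(b"HTTP/1.1 200")


def audit_router(host, tcp_services=TCP_SERVICES, ssdp_port=SSDP_PORT):
    """Return the sorted names of the listed services that answered."""
    found = [n for n, p in tcp_services.items() if tcp_open(host, p)]
    if ssdp_answers(host, ssdp_port):
        found.append("upnp")
    return sorted(found)


if __name__ == "__main__":
    # Assumed gateway address; replace with your own router's LAN IP.
    answered = audit_router("192.168.1.1")
    print(answered or "telnet, ssh and upnp did not answer")
```

Anything this reports is a service to switch off in the router's web interface unless you actually use it. The check only sees the LAN side of the router.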