Privacy is one of the biggest problems in this new electronic age, Andy Grove.
Security is not a product, but a process, Bruce Schneier.
One single vulnerability is all an attacker needs, Window Snyder.
We are living in difficult times; there is no doubt about it. Privacy is both a human right and a necessity, and big companies, tech titans, governments, small companies, and hackers are constantly attacking and diminishing our privacy. The loss of privacy has a corrosive and perversive effect on all of us. Cyber security is under threat and is increasingly attacked. It is a critical issue that affects all levels of society, whether at a national, local, or personal level.
Unfortunately, there is a plethora of malware, such as ransomware, viruses, spyware, computer worms, and Trojan horses, relentlessly attacking our privacy and security. Your router is your first line of defense. It handles and manages all the Internet traffic on your network. If your router is compromised, the security of every device that uses it is in danger and your network becomes vulnerable to attacks: you are basically fucked!💀💣
Do not place your router near an external wall because it is easier for neighbors or, even worse, hackers to gain access to a strong signal. It is far better to place it more centrally within your home and totally hidden from view, so the signal will be far weaker for outsiders.
Besides, you may want to access the Advanced Wireless Settings and decrease your router’s power input or transmit power. However, this option is not made available on many routers.💀💣 You can also try limiting the Wi-Fi in your home to the 5GHz band.
Protect your router by changing the default out-of-the-box password that is used to access the router. Always set a very strong Administrator password for your router.
Ask yourself if you need Wi-Fi or not. If the answer is no, just turn it off in the router’s configuration settings. Unplug your Wi-Fi router when you are away from home for an extended period.
Change the default out-of-the-box Wi-Fi password. It should be at least sixteen or eighteen characters long.
Change the default Wi-Fi network name (SSID). Choose a network name that cannot be associated with you, your family, business or home.
Use the strongest Wi-Fi encryption your router supports, such as WPA2-PSK (AES) or WPA3.
WEP stands for Wired Equivalent Privacy. It can be cracked very easily.
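One way to check what your own network actually advertises after changing the encryption setting, as an added example that is not part of the original article: the script reads the output of nmcli -t -f SSID,SECURITY device wifi list (GNU/Linux with NetworkManager) and reports the weakest protocol each network still accepts. The sample lines and network names are constructed, and treating everything below WPA2 as weak is this example's assumption.

```python
import subprocess

# Ordering assumed by this example: a higher number means stronger protection.
RANK = {"open": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}

def split_terse(line):
    """Split one `nmcli -t` line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], "", iter(line)
    for ch in chars:
        if ch == "\\":
            cur += next(chars, "")  # the escaped character is taken literally
        elif ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur]

def weakest_mode(security):
    """Weakest protocol a network still accepts, e.g. 'WPA1 WPA2' -> 'WPA1'."""
    tokens = [t for t in security.split() if t in RANK]
    return min(tokens, key=RANK.get) if tokens else "open"

def audit(scan_text):
    """Return {ssid: (weakest_mode, is_wpa2_or_better)} for every network seen."""
    report = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_terse(line) + [""])[:2]
        mode = weakest_mode(security)
        # One SSID can be broadcast by several radios; keep the weakest result.
        if ssid not in report or RANK[mode] < RANK[report[ssid][0]]:
            report[ssid] = (mode, RANK[mode] >= RANK["WPA2"])
    return report

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
SAMPLE = "\n".join(["HomeNet:WPA2 WPA3", "HomeNet:WPA1 WPA2",
                    r"Printer\:Setup:WEP", "CoffeeShop:", "Office:WPA2 802.1X"])

if __name__ == "__main__":
    cmd = ["nmcli", "-t", "-f", "SSID,SECURITY", "device", "wifi", "list"]
    try:
        text = subprocess.run(cmd, capture_output=True, text=True).stdout
    except FileNotFoundError:
        text = ""  # nmcli is not installed: fall back to the constructed sample
    for ssid, (mode, ok) in audit(text or SAMPLE).items():
        print(f"{ssid!r}: weakest={mode} -> {'ok' if ok else 'WEAK'}")
```

A network that shows up as WPA1 here while the router is set to WPA2 is usually running in a mixed compatibility mode.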
Disable WPS. WPS, aka Wi-Fi Protected Setup, is designed to make the process of connecting to a secure wireless network from a computer or other device easier. Typically, it can be implemented by entering a PIN or pressing the WPS button on your router. Then, go to your device and select the network you want to connect to. The device will be automatically connected to the wireless network without having to enter the network password. WPS poses a huge security risk.
Turn off UPnP. It is a protocol that allows compliant devices to automatically set port forwarding rules for themselves. Enabling both UPnP and NAT-PMP is a convenient way for µTorrent (and other programs) to forward ports without the need for manual router configuration, i.e., you don’t have to go to your router’s web interface and forward ports manually, but it becomes extremely dangerous if your router establishes connections with devices that are infected with malware.
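To confirm that UPnP is really off after changing the setting, the added example below (not part of the original article) sends one standard SSDP discovery request on your own local network and lists any Internet gateway that still answers. The sample reply, including its port and path, is constructed, and the script does not test NAT-PMP.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

def build_msearch(st=IGD_ST, mx=2):
    """Build the SSDP discovery request that asks UPnP gateways to answer."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\n'
            f"ST: {st}\r\n\r\n").encode("ascii")

def parse_response(data):
    """Return (is_200_ok, headers) for one SSDP reply; header names upper-cased."""
    first, *rest = data.decode("utf-8", "replace").split("\r\n")
    pairs = (line.partition(":") for line in rest)
    headers = {n.strip().upper(): v.strip() for n, sep, v in pairs if sep}
    return first.startswith("HTTP/1.1 200"), headers

def gateway_location(data):
    """LOCATION URL if the reply comes from a UPnP Internet gateway, else None."""
    ok, headers = parse_response(data)
    is_igd = ok and "InternetGatewayDevice" in headers.get("ST", "")
    return headers.get("LOCATION", "") if is_igd else None

def probe(timeout=3.0):
    """Send one M-SEARCH on the LAN; list (ip, location) of gateways that answer."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(4096)
                if (location := gateway_location(data)) is not None:
                    found.append((ip, location))
        except socket.timeout:
            pass  # no further replies arrived within the timeout
    return found

# Constructed reply of the kind a router sends while UPnP is still enabled.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")

if __name__ == "__main__":
    print("sample reply ->", gateway_location(SAMPLE_REPLY))
    print("live probe   ->", probe() or "no UPnP gateway answered")
```

An empty result from the live probe after the setting is saved (and the router rebooted, if it asks for that) is what you want to see.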
Use a guest Wi-Fi network to host devices you may not fully trust. It allows your family members, friends, and visitors to connect to your router, and therefore, have access to the Internet, but not to your home network. It should be relatively easy to find the guest Wi-Fi settings in your router; then enter your desired network name and password, and finally apply the changes.
Routers offer a web interface, allowing you to configure them through a browser when you’re on the router’s local network, and that’s pretty cool and convenient. However, many routers offer a remote access feature that allows you to access this web interface from anywhere in the world. It is typically disabled by default, but it’s so dangerous that it is good to take some time to verify that it is really disabled.
Nowadays, many routers offer remote administration via a cloud service and a smartphone app. Lock down your router’s remote administration if you can, but you typically cannot change it. It is not necessary to tap into your router’s settings when you are away from home, and remote administration has plenty of security issues.
Port forwarding is a process that allows users on remote networks to access and communicate with an application, service, or device that sits on a local network, usually behind a router. Every forwarded port poses a security risk, so try to avoid them as much as you can.
Check for new router firmware once a month or so and update if needed.
Besides, you can enable MAC address filtering (ISPs make it very hard to access these settings, e.g., Movistar’s Mitrastar requires accessing a different URL, http://192.168.1.1/wlmacflt.cmd, or using their mobile app) so only the devices with MAC addresses listed in the router will be allowed to connect.
To find out your MAC address, type ipconfig /all at the command prompt in Windows or ifconfig in GNU/Linux.
Finally, there are many choices for DNS providers. It is likely that the default option, which uses the DNS servers provided by your ISP, is not the best option. Other alternatives are: Quad9 (9.9.9.9, 149.112.112.112), DNSWatch (84.200.69.80, 84.200.70.40), OpenDNS (208.67.222.123, 208.67.220.123), and Cloudflare (1.1.1.1, 1.0.0.1).
Credits: Router Security focuses on the security of routers. SecurityTrails, The Top 5 DNS Servers for Improving Online Privacy & Security.