Router Hardening: Difference between revisions

From Irregularpedia
Jump to navigation Jump to search
Newer edit →
VisualWikitext
Initial
 
fixed format and links
Tag: wikieditor
Line 1: Line 1:
'' [[#Configuration%20Recommendations|Configuration Recommendations]]
[[Category:DFP]] [[Category:Cybersecurity]] [[Category:Purple Team]] [[Category:Blue Team]]
'''' [[#Wireless%20Router%20Configuration|Wireless Router Configuration]]
'' [[#Recommended%20Routers|Recommended Routers]]
''' [[#Recommended%20Travel%20Routers|Recommended Travel Routers]]
''' [[#Recommended%20Home%20Routers|Recommended Home Routers]]


For the full DFP Guides, see [[dfp-guide.md|dfp-guide]] # Wireless Access Point Security and Privacy
* [[#Configuration Recommendations|Configuration Recommendations]]
  * [[#Wireless Router Configuration|Wireless Router Configuration]]
    * [[#Recommended Routers|Recommended Routers]]
      * [[#Recommended Travel Routers|Recommended Travel Routers]]
      * [[#Recommended Home Routers|Recommended Home Routers]]
 
For the full DFP Guides, see [[dfp-guide|DFP Guide]] # Wireless Access Point Security and Privacy


This page provides guidelines and recommendations for configuring wireless access points (WAP), commonly referred to as routers, to enhance users’ security and privacy.
This page provides guidelines and recommendations for configuring wireless access points (WAP), commonly referred to as routers, to enhance users’ security and privacy.
Line 11: Line 13:
Here are some excellent guides and resources on the web for home network security:
Here are some excellent guides and resources on the web for home network security:


= '''NSA Best Practices for Securing Your Home Network''': =
= '''NSA Best Practices for Securing Your Home Network''' =
#'' The National Security Agency (NSA) offers a comprehensive guide to help teleworkers protect their home networks from cyber threats. It covers securing various devices, from computers and mobile phones to IoT devices.
* The National Security Agency (NSA) offers a comprehensive guide to help teleworkers protect their home networks from cyber threats. It covers securing various devices, from computers and mobile phones to IoT devices.
#'' [https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3304674/nsa-releases-best-practices-for-securing-your-home-network/ NSA Guide]
* [https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3304674/nsa-releases-best-practices-for-securing-your-home-network/ NSA Guide]
= '''A Guide to WiFi Security on Home & Public Networks in 2024''' - ProPrivacy: =
 
#'' This guide by ProPrivacy covers crucial aspects of WiFi security for both home and public networks, including how to access your router’s admin panel and change encryption settings.
= '''A Guide to WiFi Security on Home & Public Networks in 2024''' - ProPrivacy =
#'' [https://proprivacy.com/guides/wifi-security ProPrivacy Guide]
* This guide by ProPrivacy covers crucial aspects of WiFi security for both home and public networks, including how to access your router’s admin panel and change encryption settings.
= '''How to Check if Your Home Network is Secure? | Actionable Tips''' - ProPrivacy: =
* [https://proprivacy.com/guides/wifi-security ProPrivacy Guide]
#'' ProPrivacy also offers actionable tips to check the security of your home network and ensure it’s secure against potential intrusions.
 
#'' [https://proprivacy.com/guides/how-to-check-if-your-home-network-is-secure ProPrivacy Tips]
= '''How to Check if Your Home Network is Secure? | Actionable Tips''' - ProPrivacy =
= '''How to Secure Your Home Network''' - Kaspersky: =
* ProPrivacy also offers actionable tips to check the security of your home network and ensure it’s secure against potential intrusions.
#'' Kaspersky’s guide starts with changing your network’s name (SSID) and covers more steps to secure your home network effectively.
* [https://proprivacy.com/guides/how-to-check-if-your-home-network-is-secure ProPrivacy Tips]
#'' [https://www.kaspersky.com/resource-center/preemptive-safety/how-to-set-up-a-secure-home-network/ Kaspersky Guide]
 
#''
= '''How to Secure Your Home Network''' - Kaspersky =
= '''Home Network Security''' | CISA: - The Cybersecurity & Infrastructure Security Agency (CISA) provides insights into home network security, emphasizing the protection of devices connected and to the internet within a home. =
* Kaspersky’s guide starts with changing your network’s name (SSID) and covers more steps to secure your home network effectively.
* [https://www.kaspersky.com/resource-center/preemptive-safety/how-to-set-up-a-secure-home-network/ Kaspersky Guide]


'' [https://www.cisa.gov/news-events/news/home-network-security CISA Home Network Security]
= '''Home Network Security''' - CISA =
* The Cybersecurity & Infrastructure Security Agency (CISA) provides insights into home network security, emphasizing the protection of devices connected to and the internet within a home.
* [https://www.cisa.gov/news-events/news/home-network-security CISA Home Network Security]


<span id="configuration-recommendations"></span>
== Configuration Recommendations ==
== Configuration Recommendations ==


<span id="wireless-router-configuration"></span>
=== Wireless Router Configuration ===
=== Wireless Router Configuration ===


<span id="factory-reset-router"></span>
==== Factory Reset Router ====
==== Factory Reset Router ====


If you have not had total control of the router since it was activated, you should factory reset it using the physical reset button (long press the small button) or through the admin portal. This is important as the router could already be exploited by backdoors, services, or users. #### Logging In '''Access Admin Portal''': You must access the admin page, typically by going to <code>192.168.1.1</code> in a browser. However, your router’s IP can differ, so check your network settings.
If you have not had total control of the router since it was activated, you should factory reset it using the physical reset button (long press the small button) or through the admin portal. This is important as the router could already be exploited by backdoors, services, or users.


'''Logging In to the Admin Portal''': The admin password is typically found on the router physically or maybe something that you can search online for, such as:
* **Logging In Access Admin Portal**: You must access the admin page, typically by going to `192.168.1.1` in a browser. However, your router’s IP can differ, so check your network settings.
 
* **Logging In to the Admin Portal**: The admin password is typically found on the router physically or may be something that you can search online for, such as:
  * `Router_Brand "default admin" ("password" OR "credentials")`


<pre class="search-engine-query">Router_Brand &quot;default admin&quot; (&quot;password&quot; OR &quot;credentials&quot;)</pre>
<span id="common-router-configuration"></span>
==== Common Router Configuration ====
==== Common Router Configuration ====


Secure your router effectively by following these key steps, each designed to enhance the security and performance of your network:
Secure your router effectively by following these key steps, each designed to enhance the security and performance of your network:


'' '''Change the Default Admin Password''': The default password is often simple and known to attackers, making it imperative to change it to prevent unauthorized access. Use a [[password-manager.md|password manager]]
* **Change the Default Admin Password**: The default password is often simple and known to attackers, making it imperative to change it to prevent unauthorized access. Use a [[password-manager|password manager]]
''# Access your router’s admin panel through a web browser.
  * Access your router’s admin panel through a web browser.
''# Locate the settings for the '''administrative password''' or '''router password'''.
  * Locate the settings for the **administrative password** or **router password**.
''# Change the default password to a strong, unique passphrase.
  * Change the default password to a strong, unique passphrase.
''# Save the changes.
  * Save the changes.
'' '''Enable WPA3 Encryption''': The latest encryption standard, WPA3, significantly improves network security by making it harder for attackers to crack passwords.
''# In the router’s admin interface, find the wireless or security settings.
''# Look for the Wi-Fi encryption options and select WPA3. If WPA3 is not available, select WPA2-PSK as an alternative.
''# Generate and Save password with a [[password-manager.md|password manager]]
''# Apply and save the settings.
'' '''Disable WPS (Wi-Fi Protected Setup)''': While WPS offers convenience by allowing users to connect to the network easily, it also poses a security risk and should be disabled.
''# Navigate to the wireless or WPS settings within the router’s admin interface.
''# Find the option to disable WPS and select it.
''# Save your changes.
'' '''Update Firmware Regularly''': Firmware updates often contain security enhancements and bug fixes, making it crucial to keep your router’s firmware up to date.
''# Go to the system or firmware update section of your router’s settings.
''# Check for any available firmware updates.
''# Download and install the update following the on-screen instructions. Restart the router if required.
'' '''Separate your IoT devices from your main devices''': Internet of Things (IoT) devices (i.e. TV streaming sticks, smart lights, smart speakers, etc.) increase attack surface and if compromised, can be used to access other devices on your network. IoT devices often won’t have as robust security architecture/programs as your main devices.
''# Authenticate IoT devices to only a single network
''#'' Recommend 2.4 GHz Guest network (many IoT devices won’t be 5 GHz compatible)
''# Authenticate main devices (i.e. computers, cellphones) to a different network on your router
'' '''Disable Remote Management''': Remote management can be a vulnerability if not used securely, allowing potential external access to your router’s settings.
''# Locate the remote management or WAN management settings in the router’s admin interface.
''# Ensure remote management is turned off or set to the most restrictive setting possible.
''# Save the changes.
'' '''Use a Guest Network''': A guest network isolates visitors’ internet use from your main network, safeguarding your personal data. The guest network isolates your devices and the admin portal from devices on that guest network. DO NOT let guests on to your main (non-guest WIFI)
''# Find the guest network settings in your router’s configuration.
''# Enable the guest network feature and set a unique SSID (totally unassociated from your main WIFI) and password.
''## Generate and Save password with a [[password-manager.md|password manager]]
''# Configure the network to isolate guest users from your main network.
''# Save and apply the settings.
'' '''Create a Backup''': Saving a backup of your router’s settings ensures you can quickly restore your network’s configuration in case of a reset or error. Save backup to [[password-manager.md|password manager]]
''# Look for the backup or save settings option in the router’s admin panel.
''# Follow the prompts to create a backup of your current settings.
''# Store the backup file in a secure, encrypted drive.
'' '''DNS Configuration''': Changing your DNS settings can not only speed up your internet connection but also add an additional layer of security by blocking malicious sites.
''# Log into your router’s admin interface.
''# Navigate to the DNS settings section.
''# Replace the default DNS server addresses with a more secure and faster DNS service. Recommended options include:
''#'' Cloudflare: <code>1.1.1.1</code> and <code>1.0.0.1</code>
''#'' Quad9: <code>9.9.9.9</code>
''# Save your changes and reboot the router if necessary.


<span id="travel-router-configuration"></span>
* **Enable WPA3 Encryption**: The latest encryption standard, WPA3, significantly improves network security by making it harder for attackers to crack passwords.
==== Travel Router Configuration ====
  * In the router’s admin interface, find the wireless or security settings.
  * Look for the Wi-Fi encryption options and select WPA3. If WPA3 is not available, select WPA2-PSK as an alternative.
  * Generate and Save password with a [[password-manager|password manager]]
  * Apply and save the settings.


To ensure security and efficiency while using a travel router, follow these configuration steps:
* **Disable WPS (Wi-Fi Protected Setup)**: While WPS offers convenience by allowing users to connect to the network easily, it also poses a security risk and should be disabled.
  * Navigate to the wireless or WPS settings within the router’s admin interface.
  * Find the option to disable WPS and select it.
  * Save your changes.


'' '''Connection Methods''': Choose how to connect based on your needs.
* **Update Firmware Regularly**: Firmware updates often contain security enhancements and bug fixes, making it crucial to keep your router’s firmware up to date.
''# For Ethernet: Plug the Ethernet cable from the modem or another network connection into the travel router.
  * Go to the system or firmware update section of your router’s settings.
''# For Wireless: Access the travel router’s network settings and configure it to connect to an available Wi-Fi network as a client.
  * Check for any available firmware updates.
'' '''WIFI Name (SSID)''': Customize your network name to avoid identification.
  * Download and install the update following the on-screen instructions. Restart the router if required.
''# In the router’s settings, find the Wi-Fi or Wireless section.
''# Change the SSID from the default to something unique that doesn’t disclose personal information.
''# Save the changes.
'' '''Wireless Power (Range)''': Adjust to manage the coverage area.
''# Locate the wireless settings in your router’s admin interface.
''# Look for a transmission power setting and adjust it accordingly. Lower it to reduce the range if needed.
''# Apply the changes.
'' '''Whitelisting''': Allow only known devices to connect.
''# Find the MAC Address Filtering or Access Control section in the router settings.
''# Enter the MAC addresses of the devices you wish to allow.
''# Enable the filtering and save your settings.
'' '''Regular Factory Reset (Restore from Backup)''': Maintain a clean state.
''# Perform a factory reset via the router’s admin interface or a physical button, typically held for a few seconds.
''# After resetting, access the router and restore settings from a previously saved encrypted backup file to quickly return to your preferred configuration.


'''Security Audits''': Ensure your travel router remains secure.
* **Separate your IoT devices from your main devices**: Internet of Things (IoT) devices (i.e. TV streaming sticks, smart lights, smart speakers, etc.) increase attack surface and if compromised, can be used to access other devices on your network. IoT devices often won’t have as robust security architecture/programs as your main devices.
  * Authenticate IoT devices to only a single network
  * Recommend 2.4 GHz Guest network (many IoT devices won’t be 5 GHz compatible)
  * Authenticate main devices (i.e. computers, cellphones) to a different network on your router


<pre>1. Regularly log into the router's admin interface to check for firmware updates.
* **Disable Remote Management**: Remote management can be a vulnerability if not used securely, allowing potential external access to your router’s settings.
2. Review the security settings to make sure they are still optimal.
  * Locate the remote management or WAN management settings in the router’s admin interface.
3. Check the device list to ensure that only authorized devices are connected.</pre>
  * Ensure remote management is turned off or set to the most restrictive setting possible.
<span id="advanced-features-in-routers"></span>
  * Save the changes.
==== Advanced Features in Routers ====


Maximize network security with these advanced configurations:
* **Use a Guest Network**: A guest network isolates visitors’ internet use from your main network, safeguarding your personal data. The guest network isolates your devices and the admin portal from devices on that guest network. DO NOT let guests on to your main (non-guest WIFI)
  * Find the guest network settings in your router’s configuration.
  * Enable the guest network feature and set a unique SSID (totally unassociated from your main WIFI) and password.
  * Generate and Save password with a [[password-manager|password manager]]
  * Configure the network to isolate guest users from your main network.
  * Save and apply the settings.


<span id="vpn"></span>
* **Create a Backup**: Saving a backup of your router’s settings ensures you can quickly restore your network’s configuration in case of a reset or error. Save backup to [[password-manager|password manager]]
===== VPN =====
  * Look for the backup or save settings option in the router’s admin panel.
  * Follow the prompts to create a backup of your current settings.
  * Store the backup file in a secure, encrypted drive.


'' '''VPN Client''': All devices can use a single VPN connection, providing security and privacy across the network.
* **DNS Configuration**: Changing your DNS settings can not only speed up your internet connection but also add an additional layer of security by blocking malicious sites.
''# Access the VPN section in your router’s settings.
  * Log into your router’s admin interface.
''# Select the option to enable a VPN client.
  * Navigate to the DNS settings section.
''# Enter the VPN service details, including server address, username, and password.
  * Replace the default DNS server addresses with a more secure and faster DNS service. Recommended options include:
''# Save the settings and connect.
    * Cloudflare: `1.1.1.1` and `1.0.0.1`
'' '''VPN Server''': Enables devices away from home to connect through a VPN to the home network, securing remote access.
    * Quad9: `9.9.9.9`
''# Within the router’s VPN settings, find the option to set up a VPN server.
  * Save your changes and reboot the router if necessary.
''# Configure the server settings, such as the VPN protocol and port.
''# Enable the VPN server and note the connection details for remote access.


<span id="flash-open-source-router-firmware"></span>
==== Travel Router Configuration ====
===== Flash Open Source Router Firmware =====


See the recommended router firmware on [https://www.privacytools.io/open-source-router-firmware privacy guides] ##### Firewall Configuration
To ensure security and efficiency while using a travel router, follow these configuration steps:
 
A robust firewall configuration is critical in safeguarding your network by scrutinizing and controlling incoming and outgoing traffic based on predetermined security rules.
 
'' '''Custom Rules''': Creating custom firewall rules allows you to fine-tune which traffic is permitted or blocked, giving you control over the security of your network.
''' '''Explanation''': Custom rules can be based on IP addresses, domain names, protocols, and ports. For example, you might want to block all traffic from a known malicious IP or allow traffic only on certain ports.
'''# Log into your router’s admin interface and navigate to the firewall settings.
'''# Look for an option to create new rules or edit existing ones.
'''# To create a new rule, specify the criteria (such as source IP, destination port, protocol) and action (allow or block).
*''# Save your new rule and ensure it’s activated. Review the order of rules if your firewall processes them sequentially, to prevent conflicts.
'' '''Intrusion Detection and Prevention (IDP)''': These systems monitor network traffic for suspicious activity and potential threats, automatically taking action to block or alert based on predefined policies.
''' '''Explanation''': Intrusion Detection Systems (IDS) alert you to potential threats, while Intrusion Prevention Systems (IPS) actively block them based on detected anomalies, patterns, or known attack signatures.
'''# Within the router’s admin interface, find the security or firewall section and look for IDP options.
'''# Enable IDS or IPS features. Some routers might offer customization options, like sensitivity levels or specific signatures to monitor.
'''# Configure the system according to your needs, such as setting up alerts for IDS detections or specifying automatic blocking actions for IPS.
*''# Save your settings and monitor the logs to adjust configurations based on the threats detected.
'' '''Device-Level Protection''': Applying firewall rules per-device basis allows for more granular security policies, ensuring that devices with different security levels have appropriate protections.
''' '''Explanation''': This feature is particularly useful in environments with a mix of device types and security requirements. It allows you to tailor security settings for each device, such as IoT devices, which might be more vulnerable.
'''# In the router’s admin interface, navigate to the device management or firewall section, where device-level settings can be adjusted.
'''# Select a device from the list of connected devices. You may need to identify them by IP address, MAC address, or device name.
'''# Configure custom firewall rules for the selected device. This might include limiting connectivity to certain services or blocking all inbound connections.
*''# Save the configurations for each device. Repeat the process as necessary for other devices requiring specific rules.


<span id="recommended-routers"></span>
* **Connection Methods**: Choose how to connect based on your needs.
== Recommended Routers ==
  * For Ethernet: Plug the Ethernet cable from the modem or another network connection into the travel router.
  * For Wireless: Access the travel router’s network settings and configure it to connect to an available Wi-Fi network as a client.


<span id="recommended-travel-routers"></span>
* **WIFI Name (SSID)**: Customize your network name to avoid identification.
=== Recommended Travel Routers ===
  * In the router’s settings, find the Wi-Fi or Wireless section.
  * Change the SSID from the default to something unique that doesn’t disclose personal information.
  * Save the changes.


For secure internet access on the go, consider the following travel router:
* **Wireless Power (Range)**: Adjust to manage the coverage area.
  * Locate the wireless settings in your router’s admin interface.
  * Look for a transmission power setting and adjust it accordingly. Lower it to reduce the range if needed.
  * Apply the changes.


'' '''GL-E750 / Mudi 4G mobile wi-fi router (“Mudi router”)'''
* **Whitelisting**: Allow only known devices to connect.
''' '''Purchase Links''':
  * Find the MAC Address Filtering or Access Control section in the router settings.
''''' [https://www.gl-inet.com/products/gl-e750/ Shop GLiNet]
  * Enter the MAC addresses of the devices you wish to allow.
''''' [https://a.co/d/78sx3aV Shop Amazon]
  * Enable the filtering and save your settings.
''' '''Travel Router Guide''': For an in-depth guide on configuring and using the Mudi router, visit the hackliberty guide [https://git.hackliberty.org/Git-Mirrors/blue-merle here].


<span id="recommended-home-routers"></span>
* **Regular Factory Reset (Restore from Backup)**: Maintain a clean state.
=== Recommended Home Routers ===
  * Perform a factory reset via the router’s admin interface or a physical button, typically held for a few seconds.
  * After resetting, access the router and restore settings from a previously saved encrypted backup file to quickly return to your preferred configuration.


(Here, you might want to list recommended models or brands for home routers, focusing on those known for their security features and ongoing support.)
* **Security Audits**: Ensure your travel router remains secure.
  * Regularly log into the router's admin interface to check for firmware updates.

Revision as of 01:27, 10 September 2024


 * Wireless Router Configuration
   * Recommended Routers
     * Recommended Travel Routers
     * Recommended Home Routers

For the full DFP Guides, see DFP Guide # Wireless Access Point Security and Privacy

This page provides guidelines and recommendations for configuring wireless access points (WAP), commonly referred to as routers, to enhance users’ security and privacy.

Here are some excellent guides and resources on the web for home network security:

NSA Best Practices for Securing Your Home Network

  • The National Security Agency (NSA) offers a comprehensive guide to help teleworkers protect their home networks from cyber threats. It covers securing various devices, from computers and mobile phones to IoT devices.
  • NSA Guide

A Guide to WiFi Security on Home & Public Networks in 2024 - ProPrivacy

  • This guide by ProPrivacy covers crucial aspects of WiFi security for both home and public networks, including how to access your router’s admin panel and change encryption settings.
  • ProPrivacy Guide

How to Check if Your Home Network is Secure? | Actionable Tips - ProPrivacy

  • ProPrivacy also offers actionable tips to check the security of your home network and ensure it’s secure against potential intrusions.
  • ProPrivacy Tips

How to Secure Your Home Network - Kaspersky

  • Kaspersky’s guide starts with changing your network’s name (SSID) and covers more steps to secure your home network effectively.
  • Kaspersky Guide

Home Network Security - CISA

  • The Cybersecurity & Infrastructure Security Agency (CISA) provides insights into home network security, emphasizing the protection of devices connected to and the internet within a home.
  • CISA Home Network Security

Configuration Recommendations

Wireless Router Configuration

Factory Reset Router

If you have not had total control of the router since it was activated, you should factory reset it using the physical reset button (long press the small button) or through the admin portal. This is important as the router could already be exploited by backdoors, services, or users.

  • **Logging In Access Admin Portal**: You must access the admin page, typically by going to `192.168.1.1` in a browser. However, your router’s IP can differ, so check your network settings.
  • **Logging In to the Admin Portal**: The admin password is typically found on the router physically or may be something that you can search online for, such as:
 * `Router_Brand "default admin" ("password" OR "credentials")`

Common Router Configuration

Secure your router effectively by following these key steps, each designed to enhance the security and performance of your network:

  • **Change the Default Admin Password**: The default password is often simple and known to attackers, making it imperative to change it to prevent unauthorized access. Use a password manager
 * Access your router’s admin panel through a web browser.
 * Locate the settings for the **administrative password** or **router password**.
 * Change the default password to a strong, unique passphrase.
 * Save the changes.
  • **Enable WPA3 Encryption**: The latest encryption standard, WPA3, significantly improves network security by making it harder for attackers to crack passwords.
 * In the router’s admin interface, find the wireless or security settings.
 * Look for the Wi-Fi encryption options and select WPA3. If WPA3 is not available, select WPA2-PSK as an alternative.
 * Generate and Save password with a password manager
 * Apply and save the settings.
  • **Disable WPS (Wi-Fi Protected Setup)**: While WPS offers convenience by allowing users to connect to the network easily, it also poses a security risk and should be disabled.
 * Navigate to the wireless or WPS settings within the router’s admin interface.
 * Find the option to disable WPS and select it.
 * Save your changes.
  • **Update Firmware Regularly**: Firmware updates often contain security enhancements and bug fixes, making it crucial to keep your router’s firmware up to date.
 * Go to the system or firmware update section of your router’s settings.
 * Check for any available firmware updates.
 * Download and install the update following the on-screen instructions. Restart the router if required.
  • **Separate your IoT devices from your main devices**: Internet of Things (IoT) devices (i.e. TV streaming sticks, smart lights, smart speakers, etc.) increase attack surface and if compromised, can be used to access other devices on your network. IoT devices often won’t have as robust security architecture/programs as your main devices.
 * Authenticate IoT devices to only a single network
 * Recommend 2.4 GHz Guest network (many IoT devices won’t be 5 GHz compatible)
 * Authenticate main devices (i.e. computers, cellphones) to a different network on your router
  • **Disable Remote Management**: Remote management can be a vulnerability if not used securely, allowing potential external access to your router’s settings.
 * Locate the remote management or WAN management settings in the router’s admin interface.
 * Ensure remote management is turned off or set to the most restrictive setting possible.
 * Save the changes.
  • **Use a Guest Network**: A guest network isolates visitors’ internet use from your main network, safeguarding your personal data. The guest network isolates your devices and the admin portal from devices on that guest network. DO NOT let guests on to your main (non-guest WIFI)
 * Find the guest network settings in your router’s configuration.
 * Enable the guest network feature and set a unique SSID (totally unassociated from your main WIFI) and password.
 * Generate and Save password with a password manager
 * Configure the network to isolate guest users from your main network.
 * Save and apply the settings.
  • **Create a Backup**: Saving a backup of your router’s settings ensures you can quickly restore your network’s configuration in case of a reset or error. Save backup to password manager
 * Look for the backup or save settings option in the router’s admin panel.
 * Follow the prompts to create a backup of your current settings.
 * Store the backup file in a secure, encrypted drive.
  • **DNS Configuration**: Changing your DNS settings can not only speed up your internet connection but also add an additional layer of security by blocking malicious sites.
 * Log into your router’s admin interface.
 * Navigate to the DNS settings section.
 * Replace the default DNS server addresses with a more secure and faster DNS service. Recommended options include:
   * Cloudflare: `1.1.1.1` and `1.0.0.1`
   * Quad9: `9.9.9.9`
 * Save your changes and reboot the router if necessary.

Travel Router Configuration

To ensure security and efficiency while using a travel router, follow these configuration steps:

  • **Connection Methods**: Choose how to connect based on your needs.
 * For Ethernet: Plug the Ethernet cable from the modem or another network connection into the travel router.
 * For Wireless: Access the travel router’s network settings and configure it to connect to an available Wi-Fi network as a client.
  • **WIFI Name (SSID)**: Customize your network name to avoid identification.
 * In the router’s settings, find the Wi-Fi or Wireless section.
 * Change the SSID from the default to something unique that doesn’t disclose personal information.
 * Save the changes.
  • **Wireless Power (Range)**: Adjust to manage the coverage area.
 * Locate the wireless settings in your router’s admin interface.
 * Look for a transmission power setting and adjust it accordingly. Lower it to reduce the range if needed.
 * Apply the changes.
  • **Whitelisting**: Allow only known devices to connect.
 * Find the MAC Address Filtering or Access Control section in the router settings.
 * Enter the MAC addresses of the devices you wish to allow.
 * Enable the filtering and save your settings.
  • **Regular Factory Reset (Restore from Backup)**: Maintain a clean state.
 * Perform a factory reset via the router’s admin interface or a physical button, typically held for a few seconds.
 * After resetting, access the router and restore settings from a previously saved encrypted backup file to quickly return to your preferred configuration.
  • **Security Audits**: Ensure your travel router remains secure.
 * Regularly log into the router's admin interface to check for firmware updates.
Retrieved from "https://irregularpedia.org/index.php?title=Router_Hardening&oldid=305"