Securing a Router and Configuring Your Firewall

With everything increasingly dependent on the internet, ensuring that your work is safe and secure is extremely important in this day in age. Attacks on home networks and computers have become increasingly commonplace, meaning that your network/computer could very well be the next target. Securing your router and properly setting up your firewall will significantly decrease the chances that your digital presence will be compromised.

Just about everyone has a router at home. Ensuring that your router is properly secured will protect your traffic and devices from external and internal attacks as well as increase network reliability.

A firewall is 100% necessary for safe and secure browsing on the internet. A firewall will prevent attacks that you didn’t see coming, and that’s certainly worth the effort. There is no reason to not have a properly configured firewall.

Properly configuring your router/firewall is something that you only have to do if you are setting up new equipment or buffing the security on existing equipment. Other than the initial setup, you'll never have to do this again, so it's worth going the extra mile and doing it right the first time.

When it comes to the routers, there is no definite explanation that suits all models out there. Some routers have more options than others, and all routers will have different layouts and features. Reference your router’s manual or search online in order to clarify any gray areas.

The first thing to do is to secure access to the router’s interface

Open up a browser and type in the router’s web interface address in the url bar (the web interface’s address is usually 192.168.1.1, however some models will vary, so check the manual that came with your router or google the brand and model of your router if 192.168.1.1 doesn’t work).

Most routers will have a login screen. Enter the credentials and login (typical usernames and passwords are admin/admin or admin/password (if these combinations don’t work, check your router’s manual or search online for the credentials).

Once logged in, you should see the main menu. Usually there are tabs with various category names on them. Find the tab named “system”, “administration”, “account”, or something similar to these examples. Click on that and navigate any sub-tabs until you find the option to change the router interface’s password (change the username if possible, however not all routers have this option). Follow standard conventions for a strong password. Be sure to keep a note of the password in a secure location.

Don’t forget to apply your newly changed settings by clicking on the "apply" button at the very bottom!

The best way to secure your router/network is to set a strong password on the wifi. Assuming that the router itself is located in a secure location, a strong password will keep unwanted neighbors out of your network.

Log into your router, and find the tab named something along the lines of “wireless”, “LAN”, or “connections”. Click on it, and various settings will appear. Check to ensure that the displayed settings pertain to the wifi.

For maximum security, ensure that the wifi is using WPA2 authentication as well as AES encryption. If not, change it by selecting the corresponding option. Most importantly, change the password/authentication key to something that follows standard strong password conventions (8 digits minimum, numbers, symbols, upper and lower case letters).

If the option is available, disable SSID broadcasting. This option will mask the presence of your wifi network. Disabling SSID broadcasting should be on the same page as the rest of the options. Simply select the option to disable broadcasting.

If disabling SSID broadcasting is not an option, then be sure to change the SSID name to something that is easy to differentiate from all other SSIDs. This will help prevent you from connecting to a similarly named rogue/fake network.

Another method to secure your network is to enable MAC filtering.

MAC filtering either whitelists or blacklists the hardware embedded identifier (MAC) on your network interface card. Whitelisting your computers is usually preferred over blacklisting every other computer out there, as it is far easier and more effective. This means that even if a unwanted user managed to get your network's credentials, they won't be able to join because their computer's network interface card doesn't match the whitelist.

MAC filtering is usually in the same category with the wifi settings. The name of the tab should be something similar to “MAC Filtering”. Navigate to this tab. Enabling mac filtering is as easy as clicking on the enable button. Then select from the menu whether or not you want to whitelist or blacklist the mac entries. In order to add a computer/mac entry to the list, select from the drop down menu the mac address of the target computer, then click on “add” or “apply”.

Something to consider is that the targeted computer must have connected to the network at least once previously in order for the router to remember it. Also, some routers only list the mac addresses without any other information about each computer, so be sure to explicitly know the mac address of the target computer.

For increased security, follow these steps:

Upgrade the firmware. From the main menu, the firmware upgrade tab is usually under the “firmware”, “system”, or “administration” tab. Navigate to the tab named above. From there, click on the check for updates button. Accept and install any update that appears. After installation is complete, the router will automatically restart.

If there is no check for updates tab, then search the brand and model of your router with the term firmware. Download the latest from the manufacturer’s website, go the firmware tab, click on select file, choose the file, and then hit upload. If there is no option to upgrade the firmware, then upgrading is simply not applicable to your router.

Disable remote access to the web interface. This option usually has its own dedicated tab with a name along the lines of “remote administration”, however on many models this option will be located under the “system”, “administrator”, or “WAN” tab. The option itself is usually an on/off switch; click to disable it if not already done so.

Enable the built-in firewall. This option is usually located under the “firewall” tab. Enabling (if not already done so) is a simple click of an on/off switch. Also enable other protective measures if they are options in the interface (DoS protection, etc).

Disable WPS. Even though WPS is very convenient, there are many security loopholes that can be exploited to gain access to your network. The options related to WPS will usually be located under the “wireless” or “LAN” tabs. The options for WPS itself are usually contained within a dedicated sub-tab named “WPS”. Find the option that enables/disables WPS and disable it, if not already done so.

Check to ensure that your firewall is actually on.

Notice: If you installed any sort of comprehensive anti-malware software or security suite then you probably have a separate firewall that overrides the built-in firewall. This firewall should already be on.

In order to get to the firewall options, click on the start button, go to control panel, then system and security, and finally on windows firewall. Alternatively search for “windows firewall” in the search bar at the bottom of the start menu.

Now that you are looking at the firewall menu, see what the status of the firewall is.

If the status menu is green, then all is set. If your firewall is red, then the firewall is currently off. In order to enable the firewall you have two options: either click on “restore defaults” on the left pane and restore the defaults, or click on “turn windows firewall on or off” and enable the firewall by selecting the corresponding options.

Normally, when you run a new application, windows firewall will prompt you whether or not to allow access. However, if you want to do that manually, go to the firewall page and click on “allow a program or feature through windows firewall”. Select the program, and decide if it should be unblocked on both private and public networks. Check the corresponding check boxes.

If you need to modify specific firewall behaviors, then go to the advanced options page for windows firewall.

There are a number of ways of getting to that page. The simplest method is to click on “advanced settings” on the left pane of the windows firewall menu. Another way is to search for “windows firewall with advanced security” in the search bar at the bottom of the start menu.

Once you reach the advanced options page, click on either inbound or outbound rules located in the left pane (the decision will depend on what you are trying to change).

From either the inbound or outbound menus, locate the right pane and click on “new rule”. Run through the wizard, and specify the changes you are trying to make. For demonstration purposes we are trying to block all incoming TCP traffic that uses port 527.

Step 1: Choose the type of rule according to what you are trying to do.

Step 2: Depending on the rule type, the options you see will vary. Select options that fit your needs.

Step 3: Regardless of the rule type, you will have to decide whether or not to allow traffic. Choose based on your intentions.

Step 4: Regardless of the rule type, you must choose which types of networks this rule will apply to. Generally, leaving them all checked is fine.

Step 5: Add an optional name for easily identification in the list of rules. But otherwise, you are done! Add as many rules as you need.

If you don’t know what an option does, it is best to leave it alone. Clarify your ideas by checking on the internet before you proceed.

Some routers are actually part of a modem, however the process of configuring them is the same as a normal router.

If you do a full reset on the router/firewall, be sure to note which settings you want to restore afterwards (like exceptions for certain applications or passwords).

When configuring the router, be warned that changing settings will cause a temporary outage. Make sure that no one is using the internet when you make your changes.

Be sure to write down the new password for the wifi. After changing the password, you will have to reconnect all of your devices manually.

Most importantly: Routers generally do not automatically apply the changes you make. Be sure that you apply your changes before logging off otherwise you will lose your changes!

By this point you should be far more acquainted with securing your router and enabling your firewall. These protective measures should significantly reduce your vulnerability to the various threats that lurk on the internet and within your local area.

Hopefully you learned a thing or two, and browse safely! Remember that these protective measures are not a substitute for common sense. Don't assume that you'll be invulnerable.