Router Security Checklist

A checklist to ensure you have the most secure router possible.

• Buy a business class router
• Setup secure router administration
  • Change the Default Password! It is typically username/password: admin/admin, and accessed through a Standard IP Address. If a bad actor gets access to your router, they could login and change whatever.
  • Limit Access to Ethernet Only If your router supports it, having to plugin an ethernet cable to edit router configs is a huge security boost. This also includes any Smartphone Apps. Seriously, you should have to physically plug in an ethernet cable to edit access your router administration.
  • Require HTTPS The router administration console is accessed over HTTP/S. Most routers have the option of forcing HTTPS. Take advantage.
  • Check for Firmware Updates Every 3 Months If the router manufacturer offers a security/patch email list, sign up.
  • Ensure router does not have any unpatched vulnerabilities If it does, buy another router.
• Disable insecure services
  • WPS
  • UPnP
  • HNAP
  • DDNS (if not needed)
• Setup secure WiFi configuration
  • Change the Default Password! Make it a strong password. Most routers allow unlimited password tries. A weak password + a determined bad actor = guaranteed access to your router. Update the strong password to another strong password every 3 months.
  • Use the Most Secure Password Encryption Available According to the following order from most secure to least:
    • WPA2
    • WPA/WPA2
    • WPA
    • WEP
    • No Encryption (Obviously, no)
• Setup limited access
  • Enable any built-in firewall
  • Limit Port Access
  • Enable Mac Address Filtering