I would like to change some of the settings on my Wi-Fi Router to make it more secure - for example, changing the network name and IP address. However, is this pointless? Won't the settings revert to default whenever I reset the router?
But how can you avoid it? Sometimes you have to. What I am looking for here is confirmation (or not) that there is no way around this. Are you saying that if I want this extra security then tweaking all the settings after any and every reset is just the price I will ave to pay? I was wondering if it was just my make of router. Does anyone know of a make of router where this is NOT necessary? Or does such a router not exist?
I very rarely need to reset my router/s. May I suggest being careful which settings you change? My Netgear routers have an export option for just what you describe, but that kind of makes it pointless resetting the router anyway.
Aha, I will check to see f this option exists. I have found this online guide: https://heimdalsecurity.com/blog/home-wireless-network-security/ Any opinions as to which steps I should/shouldn't take?
For my money, I agree with all except 8) which is pointless and just makes it slightly more difficult for you to connect. 9) isn't an option available on my routers but if it's option for you, go for it. The rest are all good options. I'm sure others will have more suggestions too
Okies. I actually worked through this list before and did about seven to eight of the steps. Some of them did not seme to be possible on my router.
That won't happen just from turning the router off and on again. However, it will happen if you do an actual factory reset, which most likely is something that you will never need to do.
I don't see where you tell us the model of your router. If available I would flash my router (I always do) with ww-drt firmware, which is linux based and offers features unavailable with most consumer router software. Its actually somewhat easy but I have done alot of them now. Try reading around about ww drt and see if sounds like something inside your skillset. Very secure.
They all look good but 8 and 10. Both too much work with little to no return at all. As was previously mentioned, all 8 will do is make it harder for you to connect. 10. is too much busy work for something that is transmitted in plain text and can be spoofed by anyone with a sniffer.
I wasn't aware of that. Still, it was pretty easy to setup Access Control on my Netgears. A little more complex on my ISP so called, "Smart Modem", so I haven't bothered with it.
agreed. if you hide the ssid, the clients will keep broadcasting it in plain text in order to discover your network device since they don't know if they're in its range. mac address filtering is useless too, as @xxJackxx noted. just use a strong wifi password with the best algorithm available on your device and you're good to go.
Pretty old at this point but still valid and at least the first 2 points are interesting if you're looking for details. https://www.zdnet.com/article/the-six-dumbest-ways-to-secure-a-wireless-lan/
I swerved both 8 and 10 but have done most other things. Is it worth bothering with #6? And how would I go about using different changes for other devices?
That all depends if your router has a Guest WiFi channel or not. If yes, then set any not-so-trusted devices on the Guest network. EG; I have an old Android phone, old PS3s and my TV (the rare time I connect it) all set to use my Guest network/s. They can access the 'net as required, but they cannot access my trusted Home network.
I am wondering how to set up a separate wireless channel and then connect my smart devices to it. I have fort as far as unchecking the box that synchronises the 2.4 GHz and 5 GHz Wi-Fi channels...what are the next steps?
You could also go old school simple and use 2 routers. Set the second router using a separate LAN. There is nothing more secure than separate hardware. Very easy to use separate LANs and they cannot see each other's activities. Just an idea if you have a spare router sitting around.
How would I go about disconnecting devives from the 5.0 GHz channel and reconnecting them to the 2.4 GHz?
disconnect your devices, make them forget that network, set up new separate pw's for the 2.4ghz and the 5ghz, and reconnect your devices. that's all.
Even if thy are on different wave lengths, 2.4 GHZ v 5 GHZ, won't they still be on the same network? My idea depends on whether the router in question has a guest network. 2.4 GHZ or 5 GHZ doesn't matter. the device connects to the guest network, can access the internet, but cannot access the trusted home network.
Just to prove my point I connected my Android phone to my 5GHZ network and sent a PDF to my printer on my 2.4 GHZ network. The Printer printed.
yes, they will. there will be no segregation. yes, this is a better approach. my method just helps you distribute the network load.
You need different SSIDs if you want to separate networks. If you router has that capability. Or a simple guest network. It all depends on the router or AP. We run multiple networks at work through the same AP. I had one router that had a separate network for the 2.4 and 5g but most do not. I understand based on that why some would get that idea but it is not the rule in most cases.
Thankfully, both my Netgear and my ISP supplied router have dedicated Guest networks. As I mentioned earlier, I connect untrusted devices to it, such as old PS3s, an old Android phone and my TV on the rare occasions it gets connected.