DHCP, DNS, IP addressing, UPNP, port forwarding, and security tweaks are the router settings every user should know and master.
In this day and age, security is paramount, with the rising number of hackers, innocent people and their data are quickly falling into risk. Recently, a 16-billion password compromise occurred, and this attack was not only a simple password leak; hackers also installed malware on users’ systems and networks, gaining access through a backdoor.
However, this guide isn’t about cybersecurity jargon, but a fundamental self-awareness, i.e., shutting doors and keeping oneself safe. There is a saying that prevention is the best cure. You can’t stop hackers or evil, but you can always dodge the bullet. And when you are on the Internet, the router is the closest thing to a brick wall.
Router Settings Users Should Know – DHCP Configuration
This is where most problems begin. A rogue DHCP server can trick devices on your network into accepting it as the authority, assigning IP addresses to unauthorized devices, and treating them as if they belong on the local network. Hackers utilize software flaws in your routers to do this. However, if you are fully aware of how the DHCP system works and what your IP leases and pools are, spotting a foreign MAC and IP would be a piece of cake.
To harden your DHCP server, follow these steps:
Static IP and Reservations
This section further hardens the DHCP reservation section. You can take advantage of the MAC address reservations to know exactly which devices are yours. Static IP and MAC reservations enable you to associate MAC addresses with specific devices and assign an IP address.
DNS Settings
The next most important setting is your DNS server. One of the first things a hacker might do is change your router’s DNS settings to point to a malicious server. This allows them to redirect your traffic, potentially logging your activity or sending you to fake websites that steal your information.
That said, you can set these DNS servers; they are highly reliable. Open your router’s settings page, navigate to the DNS section, and put in the following IP addresses: Google DNS (8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1, 1.0.0.1).
Run a quick DNS leak test; if any IP address other than your DNS provider’s IP address shows up, your ISP is essentially leaking your DNS. In that situation, you’re able to force DNS from Windows or Mac network settings by typing in the same IP addresses in your PC or Mac network settings.
Port Forwarding and UPnP Control
Most routers enable this by default and suggest that users turn it on. However, in reality, this option is extremely harmful, as it automatically opens ports without the user’s consent. If you see this enabled in your router’s advanced network settings, ensure it’s disabled. If you need to open ports, always use manual port forwarding.
Admin Access & Firmware
This section usually falls under the management category. The first step is to change the default admin username and password. Then, disable remote management and respond to a ping from the WAN. After that, periodically check for firmware updates, which can mitigate WiFi loopholes and potential backdoors within your router’s software.
Additional Security Hardening
While you won’t find most of the features in your domestic router, if it’s an expensive one, you may find a VLAN section, which also has a limited working scope. That said, the built-in firewall will be enabled by default; if it’s disabled, enable it. If VLANs are present, it’s better to segment your network and isolate devices within it.
Conclusion
WiFi settings, password, file sharing, and media server settings are the most common across multiple domestic routers; these are intuitive and have a good UI/UX design to guide you through. However, the settings mentioned here can come in handy and actually protect you from mishaps.
We provide the latest news and “How To’s” for Tech content. Meanwhile, you can check out the following articles related to PC GPUs, CPU and GPU comparisons, mobile phones, and more:
