Hughesnet Community

How can I secure my router?

cancel
Showing results for 
Search instead for 
Did you mean: 
TPitts2017
New Member

How can I secure my router?

How can I secure my router?

5 REPLIES 5
jcollison251
Sophomore

I secured mine to the rack with duct tape.  Hillbilly install for a hillbilly connection, that's what I always told myself.

 

Or if you meant how to secure it electronically, this isn't Hughesnet-related so I think you'd find much better information out there on the web.  Since you do not have a public-facing IP, I'd just do the following (in order) and call it good:

 

- Change admin password on the router

- Disable the WPS!

- Set (or change) the wifi password(s)

- Remove and burn the sticky note that you just stuck on the router.  Also discard a few blank pages on the sticky note pad behind that sheet, because an impression can be lifted.

- Don't give the wife the new wifi password because they just burn your bandwidth on youtube.

 

That's all I'd do, personally.  If your WPS was ever enabled, it's very important to change the wifi password because some drive-by snooper or neighbor could already have your passphrase.  Disabling WPS will not keep them out now, obviously.  Not without a new passphrase.

 

Anything else you can do really depends on your router.  I'd want to know about new MAC addresses, but I wouldn't ban unknown ones with filtering.  Guest network stays enabled only if it has a password, and that password obviously is different from your trusted machines network. Me, I just got rid of the guests and therefore solved the guest network problem.

 

The point is, it all depends on what you want to do and what you want to put up with going forward when using your own stuff.  There's no right answers.

GabeU
Distinguished Professor IV

I would also disable the guest networks.  


@GabeU wrote:

I would also disable the guest networks.  


Can I ask why you'd disable them, even if the guest net has a separate WPA passphrase?  I'm just curious if I missed some vulnerability or made an error in logic.

 

If a guest needs a wifi connection, I'd rather give them a password to an isolated network rather than give them access to "my" network.  This way, if I've made a mistake with the file sharing config on some seldom-used folder, I don't have guests viewing sensitive files.

 

maratsade
Distinguished Professor IV

"I secured mine to the rack with duct tape.  Hillbilly install for a hillbilly connection, that's what I always told myself."

 

That's Pentagon-level security!   Smiley LOLSmiley LOLSmiley LOL

GabeU
Distinguished Professor IV


@jcollison251 wrote:

@GabeU wrote:

I would also disable the guest networks.  


Can I ask why you'd disable them, even if the guest net has a separate WPA passphrase?  I'm just curious if I missed some vulnerability or made an error in logic.

 

If a guest needs a wifi connection, I'd rather give them a password to an isolated network rather than give them access to "my" network.  This way, if I've made a mistake with the file sharing config on some seldom-used folder, I don't have guests viewing sensitive files.

 


Habit.  

 

I tend to err on the side of caution. One thing I've learned over the years is that there are many people out there who know a lot more than I about ways in which to infiltrate one's system, and what we often think of as secure one minute isn't the next.  So, because of this, rather than trust that someone couldn't use the Guest Access without the SSID, or that it has a separate WPS passphrase, I've taken to turning everything off that I don't need.  The regular and guest access for the 5Ghz radio are disabled in my router, as is the guest access for the 2.4Ghz.  If a guest needs access at some point, then I'll turn guest access on, but not until then.  

 

I have a fairly expensive front door lock that is supposed to be very strong and secure, but I still lock my deadbolt nonetheless.