Routers 101 – A Guide for Non-Experts!
It’s that time of year when we risk facing ergonomic injury from successive swipes of the credit card on holiday gifts and tech gadgets for family, friends, and pets. Most of these tech gadgets are commonly referred to as Internet of Things (IoT) devices. IoTs are personal devices (e.g., phones, tablets, fitness trackers), home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity.
Most of us are ready to unbox our devices and plug and play but give little thought to securing these devices and the added stress these devices will cause to your router. My colleague Aaron West has an excellent article, Protecting Your Electronic “Toys,” highlighting four critical yet easy checklists to secure most IoT devices, but what I plan to deep-dive on is your router–your gateway to the internet and all of the digital benefits and threats that await you.
For most personal and small/medium business use, routers are the single point of failure. Additionally, the COVID-19 pandemic has forced many industries to work from home, so ensuring your employees’ networks are secure from malicious entities has become even more critical. My goal is to educate you on purchasing, setting up, and securing your router so that all of those new gadgets and toys can be your friends, not your foes. Remember that the more IoT devices you have, the more possible entry points hackers could have. Think of it like windows and doors in your house: the more entry points you have, the more locks and alarms you need to install and remember to lock.
So, since the most critical device that ties all your IoT devices together and connects them to the internet is your router, let’s dive in to help you feel and be secure through the new year!
Purchasing Your Equipment
Modem + Router Combo (MRC)
If you have an MRC, it takes in your internet service provider (ISP) data, e.g., cable, fiber, or DSL from Comcast, AT&T, Spectrum, etc., and converts it into a Wi-Fi signal your devices connect to. Contact your ISP and ask if not only the speed but the MRC can handle at minimum the number of devices you have plus 5-7 additional devices to future proof your home. If you are a business, then think about employee and device expansion. If you are unhappy with your MRC performance, you can purchase a separate router and plug it into the back of the MRC. If you go this route, I would highly recommend turning the MRC into Bridge Mode, which means instead of emitting a Wi-Fi signal for your devices to connect to, it will only transfer data to the router. Bridge Mode would eliminate numerous Wi-Fi names within your network, signal collisions, and reduce the entry points for hackers to snoop onto your network. Contact your ISP for instructions to enable Bridge Mode.
Additional Considerations for MRC:
- MRC performs double the work, i.e., getting the internet and providing Wi-Fi, so performance is affected.
- You are stuck with what your ISP is offering as they may not have a better model.
- Upgrading it can be a hassle, and your ISP may increase your monthly bill if they upgrade it.
- Purchasing it from a retailer would mean you will need a compatible–and probably proprietary–model, but this could eliminate your monthly rental equipment fee. For example, if you are a home user with Comcast and don’t want to pay the approximately $10-$20/month equipment rental fee, then you can purchase your own MRC that has DOCSIS 3.0 or higher–saving you $120 to $240/year which can go towards this purchase.
- If you are a business, check with your ISP if you have the last option, then consult with your IT department to weigh the pros and cons for troubleshooting.
Modem & Router (Separate)
You have much more flexibility in improving your speed and coverage if you use a separate modem and router. The modem would be connected to the wall via coaxial or ethernet and is receiving your ISP’s cable, fiber, or DSL data, and the router would be plugged into the back of the modem via one of its ethernet ports. Unlike the MRC mentioned earlier, you would connect all of your devices just to the router. Again, first, ensure from your ISP that the modem they are providing (or if you purchase your own, compatibility) can handle the speed you are paying for and has room for future speed upgrades. Then, when choosing a router, look for Wi-Fi 5 AC or, if you have a higher budget, Wi-Fi 6 AX for superior speeds, range, and efficiency. For businesses, consult with your ISP on recommended options. Naming schemes for routers are “Brand Name – Technology – Additional Details,” so, for example, ASUS – AX6000 Dual-Band Wi-Fi 6 Router or LINKSYS – AC5400 Tri-Band Wi-Fi 5 Router. For home use, I recommend selecting at minimum an AC1200 or higher and preferably one with antennas–choose a higher AC if your budget allows it. The antennas should provide notable improvements to your devices. For businesses, again, consult with your ISP but certainly investigate the higher range AC or AX routers with antennas–think employee and device expansion.
Range extenders, mesh networks, and Wi-Fi to ethernet bridges can improve poor performance, eliminate dead zones, connect specialty devices, and increase coverage area. I recommend online research/YouTube or consulting your ISP or Best Buy Geek Squad Consultants to learn more.
Setting Up Your Equipment
Now that you have purchased your new modem, router, or MRC and have contacted your ISP to ensure you are getting what you are paying for, it’s time to securely set it up.
Location & Coverage
The ideal spot to place your router is a central area that should roughly reach all corners of your home/office–top to bottom–and approximately 30-40ft in all directions. Understandably, some layouts will not allow you to place it centrally, so try your best to accommodate. Routers with antennas improve coverage and reliability, and another perk is that the antennas can be adjusted to specific angles to point to particular areas. Some routers can be ceiling mounted and have detailed instructions on positioning the antennas (always refer to the manufacturer’s manual for guidance).
Troubleshooting Performance Issues
Unfortunately, Wi-Fi signals are susceptible to interference from numerous things (including your neighbor’s Wi-Fi):
- Reflection/Bounce – mirrors or shiny surfaces causes the signals to reflect.
- Refraction – glass or water causes the signals to bend and take a different path (avoid putting your router near a fish tank or large body of water).
- Absorption – walls and windows absorb the signal (e.g., glass, concrete, stucco, plaster, and lath).
- Electromagnetic Interference (EMI) – other powerful signals cause the signals to cancel (e.g., appliances such as a microwave oven, Bluetooth, cordless phone, and radio).
You might be thinking, “Wow, I have everything imaginable that is worsening my signal.” That is okay! Try your best to place the router in an area that has as little interference as possible. Furthermore, despite your router’s performance, distance will always negatively impact it. To mitigate this simple law of physics, purchase a router with antennas and a rating higher than AC1200. However, if you continue to experience performance issues, you can switch between the 2.4GHz and 5GHz channels. You will see these options when you pull up the Wi-Fi options on your device and should see “Wi-FiName-2.4GHz or Wi-FiName-5GHz.”
Securing Your Network
Finally, let’s secure your network with these top four recommendations. To perform the following configurations, go into the router’s settings by downloading the manufacturer’s app or visiting its website located on the device and logging in with the default credentials.
- Change the default Wi-Fi password on the sticker, usually found on the bottom or back of the router, to a solid passphrase containing a mixture of special characters (which can include spaces), alphabets, numbers, and bonus points if you add phrases from another language. Utilizing password managers such as LastPass or OnePass to generate highly secure passwords is recommended. You can also refer to Reveal Risk’s quick do’s and don’ts for password management.
- Create an even stronger login credential for the router itself –not your Wi-Fi network– to add a second layer of defense. The goal is to frustrate a potential hacker by building numerous walls from them to your network. Use an even stronger passphrase for this, as hackers getting into the router can be detrimental.
- Ensure your router (and its accompanying mobile app if applicable) is updated to its latest firmware, providing you with the latest features, bug fixes, and most critical security patches. Thankfully, most routers can do this automatically, but you can manually check and install updates.
- Finally, separate your Wi-Fi network and add specific devices to each segment to add even more layers of defense to your network. This is an advanced feature, so I recommend contacting the manufacturer, reading through their guides, or watching a YouTube video on your particular model. Still, you can add a guest network and/or different Wi-Fi networks depending on your router. Why do you want to do this?
- If one of your IoT devices is compromised, say your fridge, Alexa, or printer, the hacker is stuck on the guest network and will have to do significantly more work to breach your primary network. Moreover, this should reduce the work your router has to do to maintain a record of all devices ever connected to it.
- You can never be sure when/if your friend, colleague, guest, or whoever has an infected device. So, instead of having their device on your primary network, which could act as the trojan horse into your most essential devices, they would be stuck on the guest/segmented network. Moreover, since IoT devices remember a network so you don’t have to constantly login, their device would automatically connect to your guest/segmented Wi-Fi.
- Finally, if your friend, colleague, guest, or anyone has malicious intent, putting them onto a guest/segmented network would mitigate attacks affecting your other devices and, ultimately, your entire network.
I hope you feel much more comfortable with routers and feel empowered to enhance your home or office basic network security while ensuring the best coverage and performance. The key takeaways are as follows:
- Change the default Wi-Fi password to something difficult to guess, and optionally, the name to something fun and easily findable.
- Change the router’s default login credentials.
- Keep your equipment and any accompanying apps updated to ensure the latest features, bug fixes, and security patches.
- Enable guest Wi-Fi to limit attacks on your network, and consider placing your IoT and least critical devices on it.
- When purchasing a modem, router, or MRC, think about your current setup and those who will be using it in addition to future devices and speed upgrades. If unsure, buy a router with a minimum AC1200 Wi-Fi 5 or AX Wi-Fi 6 with antennas.
- Place your router in a central area that has as few interfering obstacles (water, glass, mirrors, walls) and signals (Bluetooth, radio, microwave oven, and other appliances) as possible to ensure the best coverage 30-40ft in all directions.