Cyber Essentials - Home Office - Router Security

Tips for Securing your Home Router from Internet-Based Threats

Change the Administrator Password

This password is used for logging into the router to modify settings; it is not used to connect devices to your wireless (WiFi) network. The default administrator password is usually written on a label physically attached to the router.

If you have changed the default administrator password, or the one supplied by your Internet Service Provider (ISP) is already secure (e.g. 8+ characters and contains numbers / symbols), then you do not need to do anything further.

If you have not changed the default administrator password and it is only a basic password (e.g. admin, changeme, sky), then we recommend that you change this password.

Below are some links which explain how to reset the admin password for common home routers. The new password should be at least 8 characters long and difficult to guess. You will need the password to make changes to the router configuration in future.

  • BT – How to reset your admin password (bt.custhelp.com)
  • Virgin – Change settings page password (virginmedia.com)
  • TalkTalk – Change router admin password (community.talktalk.co.uk)
  • Sky – How do I change the password I use to login to my hub? (sky.com)

Consider Disabling UPnP (“Universal Plug and Play”)

Universal Plug and Play is a very convenient feature, but it does introduce a significant security vulnerability. UPnP opens ports to your internal devices automatically whenever a device requests it, without your knowledge. On routers provided by an Internet Service Provider (ISP) this is usually switched on by default. Unless you are using some very old media devices or play certain online games on your network, the chances are that you do not actually require UPnP at all and can simply disable it without making any other changes. To disable it:

  • BT Home Hub (depending on version) – Settings > Advanced Settings > Application Sharing > UPnP > Disable
  • BT Home Hub (depending on version) – Settings > Advanced Settings > Firewall > UPnP > Disable
  • Sky Hub (depending on version) – Advanced Network > UPnP > Disable
  • Virgin Superhub – Advanced Settings > Security > UPnP > Disable

If you discover you cannot connect a device after disabling UPnP, enable UPnP again.

Check if there are any "open ports", "port forwards" or a DMZ

If you’re using a home router provided by your Internet Service Provider (ISP) and you have never previously changed any settings on the router, then you should have nothing to change here. This section will only apply if you have previously gone into your router settings and set up port forwards to allow a remote connection into your home network.

If you do have any open ports (sometimes referred to as “port forwards”) or a DMZ then you must document what these are and decide if they are necessary. Open ports allow connections from the internet directly into your internal network so they can present a major security risk if not properly secured. This can be easily checked by logging in to the administrator interface of the router and reviewing if there are any port forwarding rules being applied.

  • BT Home Hub - Advanced Settings > Firewall > Port Forwarding
  • BT Home Hub - Advanced Settings > Firewall > DMZ
  • Virgin Superhub - Advanced > Security > Port Forwarding
  • Virgin Superhub - Advanced > Security > DMZ > Disable


Disable remote router management

As with the open ports section above, if you’re using a home router provided by your internet service provider (ISP) and you have never previously changed any settings on the router, then you should have nothing to change here.

Some routers have the option of remote management – allowing the router to be configured remotely over the internet. This opens up the router administration interface to attack. This is increasingly rare in modern home routers, so it’s possible you do not even have the option of configuring it.

  • Virgin Superhub – Admin > Remote Access > Disabled