
March 21, 2025 • 29 mins
Questions we answer in this episode

What are the seven most critical router security settings?

What is WPS and when is it okay to use?

What is a brute force password attack?

Which unexpected setting helps against this attack?

Episode summary

Default passwords and settings make a hacker's job easy.

It's time to take just a few minutes and strengthen your router's security.

If you don't know how to access your router, please listen to Episode 54.

Call to action

Adjust these settings:

1 - use a strong, unique router admin password of at least 14 characters

2 - disable remote administration if you can or use a random username and strong, unique password for the cloud account

3 - enable automatic firmware updates

4 - use a strong, unique wifi password of at least 16 characters

5 - use a unique wifi name with no brand or personal information in it

6 - disable WPS (Wi-Fi Protected Setup)

7 - disable UPnP (Universal Plug and Play)
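
Why settings 4 and 5 work together, plus a quick check of all seven, as an added example (not from the episode or its hosts). It assumes WPA2-Personal, where the Wi-Fi key is derived from the password with PBKDF2-HMAC-SHA1 and the network name as the salt; the setting names, brand list and sample values are constructed for illustration.

```python
import hashlib
import math

# Constructed list of brand words to flag in a network name (illustrative only).
BRAND_WORDS = ("netgear", "linksys", "tp-link", "asus", "dlink")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("network names are 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def random_password_bits(length: int, alphabet: int = 94) -> float:
    """Guessing effort in bits for a randomly generated password."""
    return length * math.log2(alphabet)


def audit(cfg: dict, personal_words=()) -> list:
    """Return the numbers of the seven settings that still need attention.

    Uniqueness (no reuse on other accounts) cannot be checked from here.
    """
    todo = []
    if len(cfg["admin_password"]) < 14:
        todo.append(1)
    # Routers that cannot turn remote administration off rely on the
    # cloud account's random username and strong password instead.
    if cfg["remote_admin"] and cfg.get("can_disable_remote_admin", True):
        todo.append(2)
    if not cfg["auto_update"]:
        todo.append(3)
    if len(cfg["wifi_password"]) < 16:
        todo.append(4)
    name = cfg["ssid"].lower()
    flagged = BRAND_WORDS + tuple(w.lower() for w in personal_words)
    if any(word in name for word in flagged):
        todo.append(5)
    if cfg["wps"]:
        todo.append(6)
    if cfg["upnp"]:
        todo.append(7)
    return todo


# Constructed sample: a router left close to its factory state.
SAMPLE = {
    "admin_password": "admin",
    "remote_admin": False,
    "auto_update": True,
    "wifi_password": "sunshine",
    "ssid": "NETGEAR-Smith",
    "wps": True,
    "upnp": True,
}

if __name__ == "__main__":
    print("settings to fix:", audit(SAMPLE, personal_words=("smith",)))

    # Same password, two network names: the derived keys share nothing,
    # so guessing work done against one name does not carry over to another.
    password = "correct-horse-battery"  # constructed example value
    for ssid in ("NETGEAR", "quiet-maple-417"):
        print(f"{ssid:16} {wpa2_pmk(password, ssid).hex()[:16]}...")

    for n in (5, 8, 16):
        print(f"{n:2} random characters = {random_password_bits(n):5.1f} bits")
```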

Links

Get the FREE Bulletproof My Identity Starter Kit

Get help from Makani


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Here we go again.

(00:03):
What are the seven most critical router security settings?
Listeners, I don't even know how to answer this question.
We are totally going to learn this one together because I have no idea what security settings
our routers even contain.
So we're going to figure this out.

(00:24):
And our master guardian with his next question is really giving us some screws like, what
is WPS and when is it okay to use?
Again, listeners, I'm right there with you.

(00:46):
I have no idea what WPS stands for.
I don't know when it's okay to use, but we're going to figure this out together.
Not a big deal.
I did like this question because it made me think of real world stuff.
I could relate to it.
What is a brute force password attack?

(01:06):
Yeah.
Dude.
Well, my guess is someone or something is trying to force their way in.
Yeah.
They're shoving it in.
Yeah.
Well, I'm with you.
And we'll get into the details, but I like it too because we can all relate.
It's one of those metaphors, right?
It's a little metaphor that once we explain it, we see it, it'll stick in your brain pretty

(01:26):
well and it's a good thing to understand in general.
I like it.
Now this one I think is going to be a good one to talk about because which unexpected
setting helps against this attack?
So we've already got a setting that I say we really, we've got we again, yep, it's official.

(02:02):
We've got a secret or at least a setting that's going to help you against a brute force password
attack.
Yeah.
Well, I think it's awesome.
Yeah.
Well, and here's the interesting thing that you'll be curious to know, Nick, is I was researching
for this episode, making sure, you know, always do that for an episode.

(02:25):
And one thing that I learned actually in process of researching was about how this setting
helps in brute force.
And the reason I put unexpected is because not only will it be unexpected to you, but
it was unexpected to me.
Nice.
And so, yeah, it's, yeah, I learned something new and interesting.

(02:45):
So I thought it was, it was, it was one that wasn't too geeky and worth sharing, so.
We love it when it's not too geeky and it's worth sharing and especially when we get unexpected
protection, layering up our security.
Yep.
Okay.
Well, welcome back.
Thanks for tuning in.

(03:07):
As you know, I'm Nick and this is Super Simple Security Principles.
Listen each week and learn how to think, not what to think.
This is episode 55, seven, the seven critical router security settings.
That's kind of a tongue twister, seven critical router security settings.

(03:30):
Yeah.
Yeah.
It is.
You're welcome.
That said, you know, like last week's episode was pretty simple.
You know, we, we kept that really simple, like how do you log into your router?
You can find your username and password.

(03:51):
Yep.
And you're going to need that this week, right?
Right.
I'd assumed, I'd assumed if we're going to do some settings and changing some settings,
I'm assuming we're going to need some access to our router.
Yep.
Yep.
So obviously go.
Yeah, exactly.
You need to be able to log into your router.
So go back to listen to episode 54 from last week if you haven't.

(04:16):
Yeah.
So that's all the introduction I have.
Well, so the first setting is, and we talked about this.
We're jumping right in.
Let's go.
Oh yeah.
I know.
Sometimes I have a lot of introduction, but this time I was just like, nah, we just need
a reference last time.
And I suspect this in general is going to probably be a fairly short episode, honestly.
Just a heads up for everybody.

(04:39):
So but, and we talked about this one last week, but I wanted to repeat it in case you
haven't already done it.
And that is make sure you have a strong, unique password for your router admin password.
Okay.
I think we did cover that.
Didn't you say something along the lines of like 14 characters and password manager maybe

(05:01):
setting it up?
That's what I would do is use that password manager to set that up.
Yep.
Well, and actually, and I didn't, I didn't put this in my notes, but then I remembered.
You can also actually do a random username in there.
And that helps.
It's not as much, you know, it's not nearly as important as the password, but having a

(05:21):
random username does up the challenge level a little bit.
Okay.
So, and it doesn't hurt other than you got to make sure you don't forget it either.
So.
There you go.
There you go.
Okay.
One more level.
We just layered up again, man.
Yep.
And then setting two is, and we talked, we had a lot about this in episode 52.

(05:48):
We talked about why allowing a remote administration of your router, why letting, you know, somebody
on the internet log into your router.
In other words, that's not a good thing.
Yeah, exactly.
Bad idea, generally speaking.
And so that's why my recommendation for most people is to have it turned off.

(06:09):
Okay.
But here's what you need to know also is that there are a lot of modern routers actually
where you don't have a choice.
They, there's, well, and yeah, so because, because there are a lot of people who want
to be able to do that, it's very convenient.

(06:29):
And they, they have made some more secure, like they've, they've done it because it's
in demand.
They've put some more thought into it generally.
Again, like we talked about the up levels, part of that goes in hand in hand with remote
administration.
It all boils down to the specific router.

(06:49):
And I can, no, if you have a question about that, like if you're wanting remote administration
for whatever reason, and you're wondering how security or whatever, again, come, feel free
to come to the forum.
We can talk about your specific router.
But do you mind if I ask a question to interrupt?
Yeah, no, please do.
So I'm sitting here thinking, why, why would we want to give remote access to our, to someone?

(07:17):
Why would we do that?
Yeah, the most common case is, at least that I'm familiar with, is like you have, you know,
old grandparents, you go set up a router for them.
And then, you know, you live far away and you want to be able to help them if something
goes wrong on their, on their network.

(07:38):
And so you want to be able to control it remotely.
So if some of us are technically challenged, and we need help setting up our network, this
is when we might give remote access.
Yeah.
Now, I, you know, and that's not even necessarily a guarantee, because, I mean, most of the

(07:59):
time the kind of help you need is with an individual computer, not necessarily with
your router.
Right.
And those are two totally separate things.
Giving access so somebody can look at your computer is a very different prospect than
giving somebody access to access your, or, you know, log into your router.
Right.
Yeah.
Yeah.
Those are two distinct things and two different kinds of help that are needed.

(08:21):
Right.
And, you know, the router help is less common because, like I, like we talked about in the
last episode, a lot of times, once you get the router set up, you know, you don't have
to touch it again for a long time.
Right.
And that's why we're going down this rabbit hole is, hey, if we could set up some security
settings now, you're going to be good for a while.

(08:44):
Exactly.
Awesome.
Yeah.
So, you know, most modern routers fall into one of two categories.
Either remote administration is off by default, in which case all you have to do is not turn
it on.
Right.
Right.
Don't do anything.
The default is good for you in this case, or remote administration is on by default and

(09:11):
there's no way to turn it off.
Hmm.
Right.
In which case, you know, the best you can do is make sure you use a random username,
like we talked about, and most importantly, a strong, unique password.
Gotcha.
Okay.
Now, if you have a mesh router, which are becoming increasingly popular because they

(09:32):
provide such awesome Wi-Fi coverage, it's most likely in this second category.
Okay.
One notable exception, and there may be others, but this is one Kem has, is a brand called
Unify, and he has a mesh router from them, and you can turn off the remote administration

(09:53):
there.
So that's a little shout out to Unify.
Well done.
Yeah.
That's awesome.
Yeah.
So, okay.
You ready for setting three?
Yep.
Let's get to setting three.
Automatic firmware updates.
Now, we've talked about this in the past, about making sure we're doing our updates.

(10:17):
That's exactly right.
And I'm assuming this is why.
It's because every update is probably going to be security-related?
Yeah.
Not 100% for sure.
Oh, okay.
But sometimes they add little features and stuff too.
With routers, they don't update the features a ton, but yeah.

(10:41):
So yeah.
I mean, you're exactly right, though.
Keeping your software updated on all your devices is a fundamental security practice.
The security updates specifically.
With a lot of ones, with routers included, generally you can't just install security
updates like you can with your phones or your laptops.
So you'll just have to update it.

(11:02):
But the reason why it's important is the same as everywhere, because one of the most common
ways that hackers break in is to bugs that get found, that then they're able to exploit
and haven't been updated because you still have an old version of the software.
Yep.
Yep.
So, I mean, it is just, it cannot be overstated how common that is the source of the vulnerability.

(11:30):
They're finding the loophole and they're exploiting it.
Yep.
And, you know, inertia is on their side, right?
Because a lot of times, and sadly, with routers, they don't all support automatic updates.
I have to give that caveat.
Like some do, some don't.
Mine, for example, even though it's an awesome router, I love it to death and would never

(11:52):
change it, it does not have automatic updates.
So I just have to go check manually occasionally or like be on their mailing list or, you know,
when there are ones that come out.
Those are your basic options.
In fact, actually, I have on my notes, but that's probably at least that's what I would
do is get on the list.

(12:14):
Like if your router doesn't support automatic updates, check if they do have a way to like
get on their newsletter or whatever.
Because if they have a newsletter, they're going to email out about if there's an important
vulnerability.
Yeah.
Or if you like your register with them or something anyway, where you could get proactive
news from them about updates.

(12:36):
Okay.
Okay.
So, yeah.
Does that make sense?
Makes sense.
Yep.
Okay.
Now, here's the, this is the fun one.
Well, actually, no, there's two really fun ones, but this is the first of them.
I know, you know, fun's relative, but I like, I like them.
So there's the Wi-Fi password is the setting that we're talking about, and it's related

(13:01):
to the brute force attacks.
Okay.
So, my recommendation is to have probably a 16 characters on your Wi-Fi password.
Okay.
And here's the, here's the reason why.
Wi-Fi passwords suffer from a fairly unique weakness these days, where with, I won't get

(13:26):
into all the technical details, but they are, they can be attacked using a brute force attack
in a way, like your online websites and stuff, they have a lot of ways to protect against
brute force attacks, but your Wi-Fi password specifically doesn't have the same kind of
protections that apply in a lot of other areas.

(13:49):
And so, because of that vulnerability specifically to the brute force attack, which again, we'll
talk about in just a second, it's extra important if you don't want anybody hacking your, to
get onto your Wi-Fi network, that you have a long password, even though it sounds crazy
that you need that long.
And most people don't.
Right.

(14:10):
Does that make sense?
It makes sense.
Cause, I mean, just me personally, like, you know, we travel a lot for sports and things
like that.
And every time I'm in a new rental or logging into their Wi-Fi, I'm like, this is the dumbest
password.
Like, I'm never going to forget this password, you know?
Yeah.

(14:30):
It's like five characters, you know?
Yeah.
Yep.
So, a brute force password attack is very simple.
It just means you try to guess the password repeatedly.
Put in a password, put in a password, put in a password, put in a password.
Right?
Okay.

(14:50):
And what happens if your kid does that when they're trying to get into your phone, Nick?
Eventually you lock it.
Yeah, exactly.
It locks you out.
The device itself will just lock you out.
And that kind of protection is built into most places.
But unfortunately, due to the nature of the Wi-Fi technology, there is basically a way

(15:13):
for hackers to avoid a lockout when trying to guess your Wi-Fi password.
That sucks.
Yeah.
It is.
And I don't know.
That might change one day.
They might figure out a way.
I don't know.
Like, I don't know all the teeny-tiny details about that.
I just know that in studying this, that was one thing that came out, was that they're
subject to these kind of, just very simple, unsophisticated brute force attack.

(15:38):
But you can just try it over and over without being penalized, without getting locked out.
Gotcha.
So, and, yeah.
Okay, so, setting five, only one hand, five.
Yes.
The Wi-Fi name.

(15:59):
Okay, now, this one might sound kind of silly, right?
Like, I'm telling you, you should change the name of your Wi-Fi network.
From the default, that is.
Maybe what you have now is fine, right?
Yeah.
But from the default, and you don't want to use, I suggest anyway, you don't use anything

(16:21):
like the router brand in the name, because that gives a little bit of information.
I suggest you don't put any personal information, like your last name is a common one I see
in the name.
You know, how much risk, that, anyway, that's my advice, that's my advice.
But the most important part in choosing the Wi-Fi name is actually just having a somewhat

(16:46):
unique, well, I mean, yeah.
You want a unique one, as unique as you can, and definitely at least not the default that
it came with.
Yeah.
And, and the reason why is because, like we talked about in our opening question, this
is the setting that provides additional protection against the brute force attack.

(17:07):
Got you.
Now, I can't really explain to you why very easily.
It's like super geeky, super technical, but I'll say it this way.
When we talk about encryption, we talk about, we're like, we're locking, you know, your
Wi-Fi password up, right?

(17:28):
We don't make it so you can just kind of walk up to the wall and read it plain out, right?
Right.
Well, the name of your Wi-Fi is involved, it's one of the inputs, it's one of the pieces
of data that is used in securing your Wi-Fi password and locking it up.

(17:50):
That makes sense.
And so, if you just use the default, then the hackers, it makes their job a little bit
easier in guessing that password.
Yeah.
That's...
Yeah.
That makes sense.
For anybody technical listening, the word is, it's used as the salt in the algorithm.

(18:15):
So, yeah, no, it's, that's really super technical, I just, you know, anyway, so, enough said
there.
Okay.
But that was the one I learned, that I didn't realize that it was used in that way.
And so, it's not just, it's not because it might give away information, although I think
that's worth doing, again, like I said, with don't bring the router brand or personal information,

(18:38):
but it's more about that geeky underlying reason that's really the most critical part
of why it's not necessarily obvious or intuitive, right?
Like I wouldn't have necessarily said, oh, yeah, you should definitely change your Wi-Fi
name because it's going to protect you better, you know, it's not obvious why, so, anyway.

(18:58):
Okay.
Now, we're to setting six, which is going to answer another one of our opening questions,
which is WPS.
Yep.
And it stands for Wi-Fi Protected Setup.
Okay.
Okay.
Now, the way I was thinking of to explain this, what WPS is, it's sort of like when

(19:20):
you do a Bluetooth pairing between, you know, headphones and your phone or whatever, that
type of thing, right?
Your car.
Most people have used Bluetooth.
Yeah, exactly.
And most people have used Bluetooth, so they know there's kind of this pairing setup phase
where you get two devices that are Bluetooth to be able to talk to each other, right?
Yep.
Yeah.

(19:41):
And so, what WPS is, it's the same thing except for having a new device get connected to your
Wi-Fi network at home, and like a common one is going to be like a printer.
Like say you got a new printer and you want to connect it, well, usually like typing
in a password on the little screen for your printer, it's kind of a pain.

(20:05):
Like it could be done and they definitely have the interface to do it, but it's a bit
of a hassle, right?
Yep.
And so, WPS is kind of like a little button way that you can, it's a simpler, you don't
have to actually type in the password, you just basically say, I want to connect this
device and, okay, and then you're set up without having to type the password in.

(20:30):
So we're basically turning a setting on that allows us to pair our devices properly.
No, no.
No?
No.
So this is actually about disabling this setting.
Oh, okay.
That makes more sense.
Yeah.
So if it's on, and the other part of the question was, when is it okay, right?

(20:57):
And so when I say it's, at least my perspective is, when you're first setting up the router,
you know, and if you want to like connect all your devices to it, and you want to make
it, you know, and you use WPS and you want to do that to make it easy, that's fine.
But once you do that initial setup, and you're not going to think about or touch your router

(21:17):
again, then I recommend turning it off.
Yeah.
Okay.
Because it's not like a huge gaping hole, but it can be exploited.
It's a little bit of a vulnerability that, in my opinion, is not, it's always a trade
off of convenience versus security, or often at least.
And my opinion is that it's not a good trade off.

(21:43):
Awesome.
And I shouldn't even say just my, it's pretty common, like you'll look at basic router settings
to change if you're trying to have maximum security, you'll see disabling WPS all over
the place.
Okay.
And the same is true.
So for this last setting, and we talked about this, I think, just a bit before, universal

(22:09):
plug and play.
Remember that phrase?
I think we talked about it in...
It sounds familiar, but let's rehash it a little bit.
Yeah.
So it's another one that is a convenience feature for setting up certain devices.
Okay.
I personally never used it, but searching online, it looks like making your Xbox, for

(22:32):
example, setup easier is a very common use case.
Okay.
For certain types of games and stuff like, and it lists, there's also sometimes printers
even I think it looked like to me, again, I've never actually used it, but what it does

(22:53):
is it can let individual devices ask the router to open up ports.
If you remember what that is, right?
We're basically saying, okay, accept some phone calls.
Yeah.
Right?
Yeah.
Because I need it.
Incoming calls come in.
Yeah.

(23:14):
And so that's how it can end up, you're basically letting devices in some cases ask the router
to open up ports and without you necessarily knowing about that.
And I never want to give the device, like if I want some specific thing open, I want
to make sure I do that myself very specifically.

(23:34):
Manually open that versus have it do it on its own.
Yep.
Makes sense.
Yeah.
Because it's just, it opens up again, and this is pretty common security advice out there.
There's not a lot of disagreement about that.
If you're trying to lock down your router, you want to turn that off because it just,
it opens up some additional points of attack for hackers.

(23:58):
So.
Okay.
Yeah.
That was seven.
Yeah.
Seven.
Let's review them real quick.
How quick can you spout those seven off?
I'll hold up the fingers.
Yeah.
So the router admin password, disabling remote administration, automatic firmware updates,

(24:21):
strong unique Wi-Fi password, unique Wi-Fi name, disable WPS, and disable universal plug
and play.
Obviously, a lot of times abbreviated as UPnP.
Okay.
So, yeah.
Well, and here's one thing about that list, too.

(24:42):
Another plug for our weekly emails that we send out along with the podcast is, you know,
you don't have to take notes.
Like, you don't have to remember that list that I just said.
If you just sign up for the emails, I'll send you out and I do all the most important things,
including the call to action summary, try to pack as much of, you know, these 20, 25

(25:06):
minutes into, you know, like a one minute worth of reading.
That's my goal is to have that email one minute and it'll definitely have those seven in there.
So just another plug for that email.
Yeah.
If you're not getting our emails, log in, you know, sign up for those.
We would love to be able to send you out our emails.

(25:27):
They're super easy.
Like, these are emails I enjoy, that I read, that I can handle.
Nice.
That's about as high praise as you get.
Nice.
Awesome.
Okay.
So, sign up for our emails.
What's going to be our call to action, though?

(25:48):
We've reached that time in our show.
We're already there.
Yeah.
Well, so your recap kind of did it for us because really it's just go adjust those settings
and the way we talked about, you know, most of them are just turning something off, but
obviously there's a couple that are also take a little more work because you've got to pick
a strong, unique password for them or the, you know, Wi-Fi name.

(26:12):
But yeah, that's it.
I think I looked at the questions too.
I think we covered those.
And so, you know, I think we're good for today's episode.
Awesome.
Awesome.
Well, let's segue into next episode a little bit.
We've talked about the external attacks on your home network.

(26:33):
So the ones that are coming from the internet, those incoming calls, right?
Incoming calls.
In our next episode, we're going to focus on the internal attacks, which are from the
devices inside your home.
Let's go.
Right?
I think most of us can comprehend the importance of safeguarding our devices in our own home.

(26:58):
This is something I think we could easily wrap our minds around, especially given that
we just did all the router stuff, you know, like we just talked about router and people
are like, or at least I was like, yes, routers, you know, access, I got to log into my router?

(27:19):
Like, this is going to be something that I think resonates well with everybody.
Look, we're going to focus on the internal attacks from the devices inside your home
network.
So there we go.
We have a ton of devices.
This is going to be awesome.
Yeah.
Well, and it may, you know, you might be asking, and we'll talk about this, but you know, why

(27:43):
are devices on my own home network attacking, right?
Right.
That's going to be, that's one of the big kind of questions.
So normally you'd expect all the devices to be friendly on your home network, right?
But there's reasons why that ends up not being the case sometimes.
So we just learned about it briefly with, you know, our Xbox being able to port out,

(28:07):
you know?
Yeah.
Yeah, that's true.
Well, yeah, that's not intentionally malicious, just maybe reckless.
But yeah.
Fair enough.
Yeah.
Okay.
Well, there you have it.
That was an awesome show, dude.
Yeah.
Thank you.
You too, man.

(28:27):
It's good stuff.
Appreciate all your questions and interjections a lot.
I think it helps a lot for listeners to make sure, keeping me simple.
Get on our email list.
It's super simple.
Yeah.
Amen.

(28:50):
Are you ready to take action and wondering where to start?
Get my Bulletproof My Identity Starter Kit for free.
The seven most vital layers of protection everyone needs.
I'll send you one step at a time and help you if you get stuck.
Just go to bulletproofmyid.com and enter your name and email and I will send you the first step.

(29:14):
Again, that's bulletproofmyid.com.