[Wireless] How to make my router more secure?
To provide you more detailed instruction, you can also click ASUS Youtube video link below to know more about How to make my Router more secure.
https://www.youtube.com/watch?v=cYKG28jtXz4
General Setting
1. Set your wireless network encryption as WPA2-AES
After QIS (Quick Internet Setup), the system sets WPA2-AES as your default encryption. Although the system provides multiple encryptions, we suggest you keep your system in WPA2-AES encryption if there is no special requirement.
2. Set up separate passwords for your wireless network and Web GUI
In QIS (Quick Internet Setup), we will ask users to set up a password for your wireless network and an admin password. Please use two different passwords to prevent someone who knows the wireless network password from logging in ASUS router setting page(Web GUI).
[Wireless Router] How to modify Wireless(WiFi) Name and Password in ASUS Router
[Wireless Router] How to change ASUS router / ExpertWiFi router login name and password
3. Use long and more complex passwords
Use passwords with more than 8 characters mixed with capitalized letters, numbers, and special characters to increase the security level of your devices. Do not use passwords with consecutive numbers or letters, such as 12345678, abcdefgh, or qwertyuiop.
4. Update your router to the latest firmware
New version of firmware usually includes new security fixes. Check if there is any new firmware available via ASUS router setting page(Web GUI) or ASUS Router app.
[Wireless Router] How to update the firmware of your router to the latest version
5. Enable the firewall
Firewall setting page is in Advanced Settings. The default value is enabled. Please do not disable the firewall if there is no special requirement.
[Wireless Router] Introduction of Firewall on ASUS router
6. Enable AiProtection
Enable AiProtection if your device supports this function. It protects your router and LAN devices from potential threats and increases the security level.
For more information ,please visit ASUS Network Security – AiProtection and Router Security | ASUS Global
7. Disable the access from WAN
Access from WAN allows you to access your router from the Internet. The default value of this function is disabled. Do not enable this function if there is no special requirement. Visit Advanced Settings > Administration > Remote Access Config for configuration.
8. Disable Telnet and SSH
Telnet and SSH allow you to use Linux commands to control your router. The default value of this function is disabled. Do not enable this function if there is no special requirement. Go to Advanced Settings > Administration > Service for configuration.
9. Do not enable DMZ
If your LAN devices need to provide service to other external devices such as FTP servers, video servers and file servers, please set up Port Forwarding rules for each service. Do not enable this function if there is no special requirement to do so. Some P2P software forums suggest users add PC IP to DMZ, but it increases the risk of getting attacked. We highly suggest not to do so.
10. Enable DNS Rebind protection
Enabling this feature allows the router to inspect the results of DNS resolution for anomalies or incorrect IP addresses through its DNS service program, thus preventing potential attacks.
[Wireless Router] How to set up an Internet Connection?(WAN connection types)
Advanced Setting
1. Enable https to log in ASUS router setting page(Web GUI)
Https is a standard HTTP protocol covered with a layer of SSL/TLS encryption when you are using WPA-AES encryption. ASUS router setting page(Web GUI) with WPA-AES encryption default connects you with http considering its ease-of-use. You can visit Advanced Settings-> Administration-> System-> Local Access Config to change Authentication Method to https. After enabling https, remember to manually input https:// in the beginning of the URL, and add port number 8443(default port) at the end of the URL (http://www.asusrouter.com:8443).
Because routers use self-signed certificates, the browser will show the warning message as shown in the following screenshot. You can ignore the warning because your router is a trusted device. Please click Advanced and visit ASUS router setting page(Web GUI).
*When you see this warning with connecting to other websites instead of ASUS router setting page(Web GUI), please stay alert. This might be a dangerous website.
2. Only allow specified IP address to log in ASUS router setting page(Web GUI)
Go to Advanced Settings > Administration > System > Specified IP Address to allow specific IP to login to the ASUS router setting page(Web GUI). This will increase the security level for your network.
3. Disable UPnP
Some devices use the UPnP for the ease-of-use. For compatibility, ASUS router setting page(Web GUI) default enables UPnP. Users can visit Advanced Settings > WAN > Basic Config > Enable UPnP to disable UPnP. You can keep UPnP disabled if there is no trouble that occurs after disabling it.
4. Setting up the Wireless MAC Address Filter for your wireless network
If your connecting client does not always change, you can set up a white list in the Wireless MAC Address Filter that only allows the specified MAC address to get connected to your router. Visit Advanced Settings > Wireless > Wireless MAC Filter > Change MAC filter mode to Accept and add specific MAC address to your list. Only those devices in the list are allowed to connect to your router.
[Wireless Router] How to set up Wireless MAC Filter on ASUS Router(WiFi Deny List)
How to get the (Utility / Firmware)?
You can download the latest drivers, software, firmware and user manuals in the ASUS Download Center.
If you need more information about the ASUS Download Center, please refer this link.