Q: When is it a good time to replace my current router with a new unit?
A: NOW! (Really)
What is a Router?
A router is a hardware network device that allows other devices (such as computers, tablets, mobile phones, printers, smart watches, smart doorbells, webcams, etc.) to connect to your local area network (LAN), and then through the router, communicate with each other (such as sending a file to be printed, or opening a file on the server), and connect to the internet.
As the router is the hub of all of your network activity, a failure or hack at the router means a catastrophic failure of your network and all devices, and a potential hack of all your devices.
Why Replace My Router Now?
Network technologies have changed significantly in just the past few years. If your router is more than 2 years old, it very likely is no longer considered highly secure. This puts ALL of your data from ALL of your devices at risk.
In addition, many of the latest routers include additional security software to help monitor your devices and network for breaches. Earlier routers pretty much let data in and out without any examination.
At the enterprise level (large businesses) Cisco, Juniper, HP are among the go-to providers of networking equipment. These units have always had security software built-in. They also typically have upgrade options to ensure you always have the latest and greatest features available to you.
This is why these units cost upwards of 5x the cost of prosumer models.
For the purposes of this blog, I’ll not discuss the enterprise, as it is a rarified field demanding one-on-one discussions for your particular environment.
But, for the home user and the small and medium-sized business, prosumer routers can have excellent performance and features, at very affordable prices.
Earlier wi-fi router models used WPA2 for their encryption protocol. Ratified in 2004, this was considered fairly secure. However, it could be hacked, which is one of the reasons it was replaced in 2018 with WPA3 encryption. Routers with WPA3 capability started shipping in 2019.
Note: If you have older devices (computers, tablets, etc.), they also may be capable of using WPA2, but not WPA3. This makes your older device a security vulnerability. And if you don’t replace the older device, you will need to enable WPA2 on your router for the older device to use the network. This immediately makes the entire network vulnerable.
How to Enable WPA3
For almost all routers, enabling WPA3 is not much more than a tap. For this example, I’m using my favorite prosumer router, the ASUS GT-AXE11000.
- Open a web browser to the control panel of your router.
- Navigate to the Wi-Fi settings.
- Select WPA3-Personal.
- The router may restart to initialize the new encryption.
If you don’t see the option for WPA3, it is time to replace your router with a current model.
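If you have a Linux computer on the network, you can confirm what the router is actually advertising after the change. The script below is an added example, not part of the original post: it rates your own networks from the output of `nmcli -t -f SSID,SECURITY device wifi list`, flagging any that still accept WPA2 alongside WPA3 (the mixed mode described in the note above). The SSID names and the rating labels are made up for illustration.

```python
# Constructed sample scan (not real networks), in the terse "SSID:SECURITY"
# form printed by: nmcli -t -f SSID,SECURITY device wifi list
SAMPLE_SCAN = r"""HomeNet:WPA3
HomeNet-Legacy:WPA2 WPA3
Garage\:Cam:WPA1 WPA2
Office:WPA2
Printer-Setup:
OldAP:WEP
"""

def parse_line(line):
    """Return (ssid, security). SECURITY is the last field and never holds ':'."""
    ssid, _, security = line.rpartition(":")
    # nmcli escapes ':' and '\' inside values in terse mode
    return ssid.replace("\\:", ":").replace("\\\\", "\\"), security

def classify(security):
    """Map the SECURITY column to a rating (labels are this example's own)."""
    modes = set(security.split())
    if not modes:
        return "open"            # no encryption at all
    if modes & {"WEP", "WPA1"}:
        return "legacy"          # older than WPA2
    if {"WPA2", "WPA3"} <= modes:
        return "transition"      # WPA3 offered, but WPA2 still accepted
    if "WPA3" in modes:
        return "wpa3-only"
    if "WPA2" in modes:
        return "wpa2-only"
    return "other"

def audit(scan_text, own_ssids):
    """Rate each of your own SSIDs; SSIDs absent from the scan map to 'not-seen'."""
    seen = {}
    for line in scan_text.splitlines():
        if ":" in line:
            ssid, security = parse_line(line)
            seen[ssid] = classify(security)
    return {ssid: seen.get(ssid, "not-seen") for ssid in own_ssids}

def needs_attention(report):
    """SSIDs that are visible but not running WPA3-only."""
    return sorted(s for s, r in report.items() if r not in ("wpa3-only", "not-seen"))

if __name__ == "__main__":
    report = audit(SAMPLE_SCAN, ["HomeNet", "HomeNet-Legacy", "Garage:Cam", "Office"])
    for ssid, rating in report.items():
        print(f"{ssid:16} {rating}")
    print("Review:", needs_attention(report))
```

To run it against your own network, replace `SAMPLE_SCAN` with the saved output of the `nmcli` command and list your own SSIDs in the call to `audit`.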
All consumer-grade, and most prosumer-grade routers lack significant network security beyond a rudimentary firewall. One of the reasons I love the ASUS line is the higher-end models include very good network security.
Here you can see how it protects the network by:
- Self-analysis, pointing the administrator to configurations that may not be fully secure.
- Logging the malicious sites users or malware have attempted to access and have been blocked.
- Two-Way IPS blocks malicious packets from reaching your router or network devices.
- Infected Device Prevention and Blocking prevents infected devices from releasing your sensitive information.
Replacing Your Old Router With New
Older routers were pretty much a plug-and-play device, and any user could set it up.
The only downside to the newer security-conscious devices is they do require some reading to do the job right. And even then, I recommend hiring an IT professional to spend the hour or two to properly install and configure. In the case of the ASUS, there are over 100 settings that require attention.
Another Bonus With Your Upgrade–Speed
Although security is the main reason to upgrade your router, there is a bonus available – better performance and speed.
Older routers will typically max out on their wi-fi speed at 300, 600, perhaps 1000 Mbps. In addition, they are limited to the 2.4 GHz and 5 GHz channels. The 2.4 GHz channel is overly crowded – sharing bandwidth with microwave ovens, garage door openers, wireless phones, Bluetooth devices, and almost any other wireless device. Think of driving in Los Angeles freeway traffic. The posted speed limit may be 65 mph, but with bumper-to-bumper traffic, everyone is going 15 mph.
Newer routers will still have the legacy 2.4 GHz and 5 GHz to support older devices, but may now include the 6 GHz channel. As this is newly opened, few devices use it, so it is just you and a few other cars on the freeway.
I just love it when with just a few mouse taps I can add a solid layer of security to all the devices under my roof. It’s just icing on the cake when it’s free!
All of the internet-connected devices under your roof need to communicate over the internet in order to function. This includes computers, tablets, smartphones, webcams, smartwatches, smart doorbells, smart thermostats, printers, and more.
With your computers, tablets, and smartphones, you can add a layer of protection against malware by installing quality antimalware software. But what about your printer, smartwatch, doorbell, thermostat… you get the picture. Each of these smart devices is open to a breach, and few offer any option to install or configure security.
The other possible problem is adult content. Should you be a parent that would prefer little Jane and Johnny to not have access to adult content, it can be a full-time job playing content cop.
All of your home and business devices must connect to the internet through your router. Inside of each router is a setting specifying which Domain Name System (DNS) server the router will use to learn where to direct this internet traffic. If a DNS server was knowledgeable about which web addresses held malware or adult content, the DNS could pass this info along to the router, blocking access to these sites.
Lucky you! There are DNS servers with this knowledge, and Cloudflare offers them at no charge.
The How To
If you would like to block known malicious and adult content sites from all of your home and business devices, you just have to change your router DNS settings. By default, most routers use your internet provider’s DNS servers. You will change this IP address to those of Cloudflare.
Every router has a unique interface. In the example below I’m using a CenturyLink Actiontec C3000A.
- Log in to the modem. If you aren’t familiar with the process, call your internet provider for instructions.
- From the menu bar, select Advanced Setup.
- From the sidebar, select DHCP Settings.
- In the main area of the page, scroll down to 5. Set the DNS servers allocated with DHCP requests.
- From this area, select Custom Servers.
- For malware only protection, set the Primary DNS to 126.96.36.199, and Secondary DNS to 188.8.131.52. For malware and adult content protection, set the Primary DNS to 184.108.40.206, and Secondary DNS to 220.127.116.11
- Tap the Apply button.
- Your modem may reboot. The protection will be in place immediately.
It’s Your Data… Protect It
Most people ignore their cybersecurity and internet privacy because they think it is too difficult or expensive. But what if it was fast, easy, and (almost) free? Our guides have been written by certified experts, with step-by-step illustrated instructions so that even a child can harden your security like a pro.
Visit https://thepracticalparanoid.com for the easiest, most comprehensive cybersecurity and internet privacy guides you can buy. Guaranteed!
A new study by Cybereason has found that 80% of organizations that were hit with ransomware and paid to get the decryption key were then hit once again with another ransomware.
Approximately 50% of the new attacks were from the original criminals, and 50% were from new criminals.
The study also found that the top two solutions to help prevent a successful attack are security awareness training and security operations.
From my 30+ years of experience, those organizations and individuals that do not implement security awareness training and security operations do so primarily because they believe it is too difficult, time-consuming, or expensive to do so.
That may be true if you have to meet HIPAA, SEC, or Federal Contractor compliance. But the individual, household, and business can successfully implement ransomware, hacking, cybersecurity, and internet privacy defenses in just one day!
The Practical Paranoid Security Essentials DIY books have been walking users with no technical background through securing their computers, tablets, phones, networks, data, and privacy for over eight years. Easy enough for junior high students and my 86-year-old aunt Rose, and comprehensive enough for IT professionals.
The easiest, most comprehensive work of its kind. We even guarantee your satisfaction!
Visit ThePracticalParanoid.com to get your copy of the best-selling cybersecurity guide available.