I recently got Unifi, Telekom Malaysia’s High Speed Broadband service. It’s been awesome so far, but I realized the default configuration that TM installers set up is pretty unsecure. In this article, I’ll show you some essential steps you need to take to protect your Unifi network at home.
Why is the default configuration unsecure?
First, let’s have a look at why you need to protect your network. Or if you’re impatient, jump to the solution.
1. The router uses a default admin password (which is public knowledge)
The D-Link DIR-615 (the orange box) that TM supplies comes with a default password which anyone can find. Just try Googling for “dir-615 default password“.
2. There’s a 2nd ‘secret’ account to the router that many aren’t aware of
Yup, even I wasn’t aware of this – and I’m quite a techie. This 2nd
operator account is meant for technicians to easily access your router if you forgot your admin password. Hat tip to the Unifi Handbook for pointing this out to me.
3. Your Unifi username is broadcast for all to see by default
If you see a WiFi network like the highlighted one above, you know that 1) it’s a Unifi network and 2) the username isdavidw.
Don’t bother, that’s not my real Unifi username 🙂
4. Your default wireless network password is on the bottom of the router
5. TM sends you all your passwords via email
In your Unifi registration confirmation email, TM sends you all your passwords, unencrypted. This doesn’t directly affect your wireless network, but it’s just super insecure.
In summary, the combination of the above is like leaving your house unlocked — not very safe. It’s an invitation to hackers to get into your network and use your broadband for free. Worse, hackers can monitor your traffic, steal your passwords, credit card & bank info, etc. Sounds dramatic but it can really happen!
Secure your router settings
Ok, let’s lock down that Unifi network!First, connect your laptop directly to the router (the orange box). You can do the following on a wireless connection too, but you will be disconnected when making changes and need to re-connect.
Step 1: Change the default router passwords
Open up a web browser (e.g. Firefox) and go to this address: http://192.168.0.1. You’ll see the login screen to the router’s admin like below.
operator. Here are the default passwords for
operator, courtesy of the Unifi handbook:
Once logged in, click on the Maintenance tab (at the top). You will then see a screen called Administrator Settings where you can change both the Admin and Operator password. (If you logged in as admin, you won’t see the option to change the operator password).
Change it to something that has 6 characters or more that includes numbers and letters. Write that down somewhere and keep it safe. Click Save Settings.
Congrats, you’ve just changed your router’s default passwords.
Step 2: Change your Wireless Network name and password
Next, click on the Setup tab. Then click on Wireless Setup in the sidebar.
The first thing we want to do is to change the SSID a.k.a. Wireless Network Name. Click on the Multiple Wireless Network Name Setup button (at the bottom of the screen).
On the next page, change the Wireless Network Name to something else, e.g.:
Don’t forget to save your settings.
Finally, we want to change the default wireless password. Go back to Setup » Wireless Setup and click the Manual Wireless Connection Setup button.
On the Wireless Network page, scroll all the way down and change the WPA/WPA2 password.
Click on Save Settings. Awesome, you’ve changed your wireless network name and the password. Because you’ve changed the network name and password, your laptop, iPhone and other devices will no longer be able to connect to your old network. Just add this new network and everything will work again as normal.
Don’t take security lightly
I’m sure that you lock your car, your house door and don’t leave your mobile phone lying around unattended. In the same way, if you have a wireless network at home, it’s your responsibility to keep it secure.
Finally I hope that you found my tutorial useful. Please tweet or share this article on Facebook. If you have questions, please ask me in the comments. Thanks!