I recently got Unifi, Telekom Malaysia’s High Speed Broadband service. It’s been awesome so far, but I realized the default configuration that TM installers set up is pretty unsecure. In this article, I’ll show you some essential steps you need to take to protect your Unifi network at home.

Why is the default configuration unsecure?

First, let’s have a look at why you need to protect your network. Or if you’re impatient, jump to the solution.

1. The router uses a default admin password (which is public knowledge)

The D-Link DIR-615 (the orange box) that TM supplies comes with a default password which anyone can find. Just try Googling for “dir-615 default password“.

2. There’s a 2nd ‘secret’ account to the router that many aren’t aware of

Yup, even I wasn’t aware of this – and I’m quite a techie. This 2nd operator account is meant for technicians to easily access your router if you forgot your admin password. Hat tip to the Unifi Handbook for pointing this out to me.

3. Your Unifi username is broadcast for all to see by default

If you see a WiFi network like the highlighted one above, you know that 1) it’s a Unifi network and 2) the username isdavidw.

Don’t bother, that’s not my real Unifi username

4. Your default wireless network password is on the bottom of the router

’nuff said.

5. TM sends you all your passwords via email

In your Unifi registration confirmation email, TM sends you all your passwords, unencrypted. This doesn’t directly affect your wireless network, but it’s just super insecure.

In summary, the combination of the above is like leaving your house unlocked — not very safe. It’s an invitation to hackers to get into your network and use your broadband for free. Worse, hackers can monitor your traffic, steal your passwords, credit card & bank info, etc. Sounds dramatic but it can really happen!

Secure your router settings

Ok, let’s lock down that Unifi network!First, connect your laptop directly to the router (the orange box). You can do the following on a wireless connection too, but you will be disconnected when making changes and need to re-connect.

Step 1: Change the default router passwords

Open up a web browser (e.g. Firefox) and go to this address: http://192.168.0.1. You’ll see the login screen to the router’s admin like below.

Login as operator. Here are the default passwords for operator, courtesy of the Unifi handbook:

telekom
h566UniFi
<your Unifi username in reverse order>

Once logged in, click on the Maintenance tab (at the top). You will then see a screen called Administrator Settings where you can change both the Admin and Operator password. (If you logged in as admin, you won’t see the option to change the operator password).

Change it to something that has 6 characters or more that includes numbers and letters. Write that down somewhere and keep it safe. Click Save Settings.

Congrats, you’ve just changed your router’s default passwords.

Step 2: Change your Wireless Network name and password

Next, click on the Setup tab. Then click on Wireless Setup in the sidebar.

The first thing we want to do is to change the SSID a.k.a. Wireless Network Name. Click on the Multiple Wireless Network Name Setup button (at the bottom of the screen).

On the next page, change the Wireless Network Name to something else, e.g.:

Don’t forget to save your settings.

Finally, we want to change the default wireless password. Go back to Setup » Wireless Setup and click the Manual Wireless Connection Setup button.

On the Wireless Network page, scroll all the way down and change the WPA/WPA2 password.

Click on Save Settings. Awesome, you’ve changed your wireless network name and the password. Because you’ve changed the network name and password, your laptop, iPhone and other devices will no longer be able to connect to your old network. Just add this new network and everything will work again as normal.

Don’t take security lightly

I’m sure that you lock your car, your house door and don’t leave your mobile phone lying around unattended. In the same way, if you have a wireless network at home, it’s your responsibility to keep it secure.

Those of you who are more technically inclined can check out the Unifi Handbook for more info and tips on securing your home network. A big thanks to rizvanrp who put the site together.

Finally I hope that you found my tutorial useful. Please tweet or share this article on Facebook. If you have questions, please ask me in the comments. Thanks!

Related posts:

1. Restarting MAMP when it gets stuck

WordPress was compromised. Matt Mullenweg says:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

*Whine* Oh man… I write too many blogs to do it easily