Security Measures Quick Start Guide (Synology Router)

Why should you care about router security?

Routers transfer data packets between devices and networks. A compromised router can leak configuration details, or even cause security breaches on any device with which it communicates. Thus, it is crucial to keep your router well-protected.

This article will provide you with various methods to strengthen the security of your Synology Router.

Note:

The steps in this article are based on SRM, the operating system of Synology Router. If you are seeking advice for safeguarding DSM (Synology NAS), refer to this guide.

Protect your sign-in information

Safeguard your local networks

Hide your SRM

Restricting access to your Synology Router's management portal improves network security. If you want your SRM to be accessible only from within your local networks, follow the steps below:

Go to Control Panel > System > SRM Settings.
Untick Allow external access to SRM.

If you want to hide SRM while allowing external access to your Synology Router, use the following steps instead:

Go to Control Panel > System > SRM Settings.
Change the Default Port Numbers of the SRM management portal.

Note:

If you have trouble finding your SRM after the above configuration, use the following steps:
1. Connect your computer to a Synology Router's LAN port.
2. Enter "router.synology.com" in a web browser to search for your SRM.

Encrypt your Wi-Fi

Secure passwords alone are not enough to keep your Wi-Fi networks safe. Make sure each of your Wi-Fi SSID is configured with a strong encryption protocol (e.g., WPA2 or WPA3).

SRM 1.3: Go to Wi-Fi Connect > Wi-Fi Settings > Wi-Fi Network > Specify a network > Edit. Select an encryption protocol from the Security level drop-down menu.
SRM 1.2: Go to Wi-Fi Connect > Wireless > Wi-Fi. Select an encryption protocol from the Security level drop-down menu.

Share guest Wi-Fi only

A guest Wi-Fi is an isolated wireless network created for non-regular users. Share only the guest Wi-Fi with visitors. In so doing, you can provide Internet access while preventing unwanted access to your private networks.

By default, a deactivated guest Wi-Fi network will be created for you. To learn how to configure it, refer to the respective help articles for SRM 1.3 and SRM 1.2.

Set up a local network only for IoT devices (SRM 1.3 or above)

Enacting IoT security measures is a must if any home appliance is connected to your Synology Router's networks. IoT devices may have various vulnerabilities (e.g., hardcoded passwords), so we suggest isolating them from your primary network.

To set up a virtual local network only for IoT devices, refer to Synology VLAN Deployment Quick Start Guide.

Shield your device and stay alert

Protect against unwanted access

Protect Internet behaviors via Safe Access

Detect malicious attacks via Threat Prevention

Further reading

Was this article helpful?

Yes ／ No