Is Your Router Secure ?

Adam Milton-Barker | Nov 21, 2014 | Web Apps, Security & Hosting | 5196
Most people would trust that their router is secure and that all they have to do is plug it in, connect it to their computer and continue along their merry way surfing the internet without worry, right? WRONG! Although ISPs do offer some form of basic security set up on routers, they are far from internet ready and not many people know how they are risking their privacy and security, or how to make sure that the configuration is set up correctly. The following is a short guide I have put together from experience that points out some of the key steps you should take to make sure that naughty people are not accessing your computer and stealing your personal data, the guide is not meant to be a be all end all guide, but from the points given here you should be able to search in more detail on Google. If you find the guide hard to follow you should get someone that knows more about this type of thing or hire a professional, do not carry out these steps if you do not know what you are doing. Every router setup and network is different and this guide is only a guide. No network is unhackable, but the trick is to make it as hard as possible for people to access yours. Again I must stress please do not attempt to cary out any steps on this guide without doing your own further reading or hiring a professional. DEFAULT PASSWORDS: There are two types of passwords on your router, an admin password and a user password. By default the admin user name and password will be set to something silly like 1234, and the same for the user password. Make sure you change all three of these settings to something secure and do not use anything that can be guessed such as pet names or street names you grew up on. A secure password contains a combination of upper/lower case letters, numbers and symbols, again the longer this password and the more combinations of letters/numbers/symbols the better the protection. WIRELESS NETWORK SETUP. Ideally you should disable wireless access as it is one of the easiest ways that hackers can login to your network. If you do decide to allow people to connect to your network using WiFi then check that you have done the following: 1. CHANGE THE DEFAULT SSID: This is a very important step to securing your wireless connection, a lot of default SSIDs allow attackers to identify the type of router you have, so make sure you change it to something else and try not to make it so that the name can help anyone identify that it is your router. 2. ENABLE WPA2 ENCRYPTION: This is the MOST important step to take, WEP and WPA encryption are very easily hackable, a good source told us it is possible to crack WEP in under 5 minutes leaving your network entirely vulnerable. Make sure you set your encryption to WPA2 and choose PSK string as your WPA type. 3. CHANGE YOUR PSK STRING TO A SECURE PASSWORD: Also a very important step to take! Your PSK is the password that lets people access your wireless network you need to generate a VERY secure password, the longer the better, and do not use anything that is personal to you like a street name or anything that a person can guess. Our trusted source told us if you use a password that is at least 25 characters long it would take a couple of years for it to broken down by brute force in comparison to a an 8 character code that can be broken in minutes. 4. DISABLE WIFI PROTECTED SETUP (WPS): The last step in our WiFi security guide is to advise you to disable WPS which allows you to connect using a pin rather than a password. DISABLE REMOTE ADMINISTRATION ACCESS: It is possible that your router will allow your ISP to remote login and change your settings on your router. This is normally used for support but presents a security flaw so you should change the settings of your router to not allow HTTP, FTP, TELNET and SAMBA. This will mean if you need help you will either have to re-allow the permissions for your ISP to help you or if worse comes to worse, reset the router if you ever need help. ENABLE MAC FILTERING BY DEFAULT: This is a very good way of ensuring that only devices you allow can access your network, whether by wireless or if you are hardwired using Ethernet cables. The steps to setting this up are as follows: 1. FIND THE MAC ADDRESS OF EACH DEVICE YOU WANT TO CONNECT TO YOUR NETWORK: Each device has a MAC address you can find these by running ipconfig/all from command prompt in windows and they are marked as the physical address of the device. Mobiles and Tablets also have MAC addresses, please search the internet to find out how to find a MAC address for a particular device. A MAC address will look something like this and can contain a mixture of letters and numbers: 00:00:00:00:00:00 2. ADD THE MAC ADDRESS TO YOUR MAC FILTERS: You can choose to add the MAC address as allowed or disallowed. In this case you want to allow only MAC addresses you input, once you input the first address any other device that is connected to your network should not be able to connect to the internet until you add the relevant MAC address to the allow list. FIREWALLS: Your router should have a firewall available that can protect your router called SPI (Stateful Packet Inspection). You should enable this feature and optionally enable DOS and Portscan Protection, some of the features of DOS and Portscan Protection could affect your system, for instance with our system it would not let us connect securely to our Microsoft account. Again if you are not sure what you are doing, please ask or hire an expert. OTHER SECURITY SETTINGS: There are several other settings that you can disable such as UpnP, Samba, Print Sharing and TR069, please search for more information of these settings as they go a bit further than the intentions of this article. A useful test to check the stealth of your router can be found on the Internet Port Vulnerability Profiling feature on Shields up using the following link: https://www.grc.com/x/portprobe=32764 CONCLUSION: If you ensure that your router has these basics in place you will increase your security immensely! Security is not a joke anymore and it is no longer acceptable to not take it seriously, please spend some time, as I had, to learn about network security as hiring professionals can be costly. I will always keep you up to date with as much information as possible that will help you to stay secure both on an and offline. Feel free to checkout the rest of our security blog for more information on how to stay safe in the world of modern technology.