[ad_1]
A security researcher once discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This wasn’t the first router security issue and it won’t be the last.
To protect yourself, you need to make sure your router is configured securely. This is more than just enabling Wi-Fi encryption and not hosting an open Wi-Fi network.
Disable remote access
Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you are on the router’s local network.
However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Occasionally, firmware bugs or issues have surfaced that make remote access-enabled routers vulnerable to attack. If you have remote access disabled, you will be safe from people remotely accessing your router and tampering with it.
To do this, open the web interface of your router and find the function “Remote Access”, “Remote Management” or “Remote Management”. Make sure it’s disabled – It should be disabled by default on most routers, but it’s good to check.
update firmware
Just like our operating systems, web browsers, and any other software we use, router software isn’t perfect. Router firmware, essentially the software that runs on the router, can have security flaws. Router manufacturers may release firmware updates that fix such security holes, though they quickly discontinue support for most routers and move on to later models.
Most newer routers have an auto-update feature just like Windows and our web browsers. However, if your router is a bit older, you may need to check your router manufacturer’s website for a firmware update and install it manually through the router’s web interface. Check that your router has the latest available firmware installed.
Change default login credentials
Many routers have default login credentials that are quite obvious, such as the password “admin”. If someone gained access to your router’s web interface through some kind of vulnerability or simply by logging into your Wi-Fi network, it would be easy to log in and manipulate your router’s settings.
To prevent this, change the router password to a non-default password that an attacker cannot easily guess. Some routers even allow you to change the username you use to log in to your router.
Block Wi-Fi access
RELATED: Don’t get a false sense of security: 5 insecure ways to protect your Wi-Fi
If someone gains access to your Wi-Fi network, they could try to tamper with your router, or just do other bad things like snoop around your local file shares or use your connection to download copyrighted content and cause you trouble. Running an open Wi-Fi network can be dangerous.
To avoid this, make sure your router’s Wi-Fi is secure. This is pretty simple: set it to use WPA2 or WPA3 encryption and use a reasonably strong passphrase. Do not use the weakest WEP encryption or set an obvious passphrase as “password”.
Disable UPnP
RELATED: Is UPnP a security risk?
A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to configure your router remotely. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is quite insecure for a variety of reasons.
To avoid UPnP-based issues, disable UPnP on your router through its web interface. If you use software that needs ports forwarded, such as a BitTorrent client, game server, or communications program, you’ll need to forward ports on your router without relying on UPnP.
Log out of the router’s web interface when you’re done configuring it
Cross-site scripting (XSS) flaws have been found on some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you are connected. If your router is using your default username and password, it would be easy for the malicious web page to gain access.
Even if you changed your router password, it would be theoretically possible for a website to use your logged in session to access your router and modify its settings.
To avoid this, simply log out of your router when you’re done setting it up; if you can’t, you may want to clear your browser’s cookies. This isn’t something to be overly paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do.
Change the local IP address of the router
If you’re really paranoid, you might be able to change the local IP address of your router. For example, if your default address is 192.168.0.1, you can change it to 192.168.0.150. If the router itself were vulnerable and some kind of malicious script in your web browser tried to exploit a cross-site scripting vulnerability, by accessing known vulnerable routers at their local IP address and manipulating them, the attack would fail.
This step isn’t completely necessary, especially since it wouldn’t protect against local attackers: if someone was on your network or if software was running on your PC, they could determine your router’s IP address and connect to it.
Install third-party firmware
If you really care about security, you can also install third-party firmware, such as DD-WRT or OpenWRT. You will not find dark backdoors added by the router manufacturer in these alternative firmwares.
If you have particular ambitions, you can even build your own router using an old (or new) computer using a high-end network interface card and software like pfSense or OPNsense.
Consumer routers have improved substantially in the last ten years. They usually have automatic firmware updates, more routers now force users to change their default passwords, they have more features, and the newer security protocols are undoubtedly superior to the older ones. Despite all the improvements, routers (and combined modem and router units) still represent a prime target for malicious attacks, especially if their security is lax. Do yourself a favor: take 15 minutes and make sure you do everything you can to keep your network secure.
[ad_2]
