A basic wireless router can have massive security flaws. Also called SOHO routers (for small office, home office), they can be wide open for hackers even when fresh from the box and updated.

How bad are they? Bad enough that one company is holding a contest just to highlight terrible router security. The contest, SOHOpelessly BROKEN, challenges the hacker community to find new, undisclosed vulnerabilities in 10 popular routers. It will take place next week at DEF CON 22, a hacker event in Las Vegas.

Ready to secure your wireless router? Two approaches are below.

Steps to improve router security

If you must rely on a wireless router to manage and secure your network, then follow these steps to lock it down:

1. Update the firmware
Go to the manufacturer’s website and download the current software for the router. This will patch the disclosed security vulnerabilities that the manufacturer has bothered to address. Regularly check the website for new updates.

2. Require a password
Encrypt traffic on the network with WPA2 (do not use WPA or WEP). Make the password at least 10 characters long and use a mix of uppercase, lowercase, numeric, and special characters.

3. Change the SSID
In Windows, the service set identifier (SSID) is the name you will see when the router is listed as an available wireless connection. Change this from the default ID to anything you like.

4. Enable MAC address filtering
This is a feature best handled by a security device such as AccessEnforcer. But if that is not an option, enable MAC address filtering on the router. Then register each device you want allowed on the network. This will prevent other devices from connecting.

5. Disable remote administration
This will prevent anyone from logging into the router’s administration panel through a wireless connection. Only a machine plugged into the router with an ethernet cable will be able to log in.

6. Enable router firewall
Ideally, you want a real security device to protect your network instead of a flimsy SOHO router.
But, if you’re stuck with only basic router security, then enable the firewall. It’s better than nothing.

7. Disable all guest networks
Some routers have optional wireless connections that allow people to join without a password, giving them internet access without access to other resources like shared drives. Disable this feature.

8. Disable all other services, such as FTP, that you do not use
Every feature enabled on a router is another potential way for hackers to break in. Limit your exposure by shutting off all unnecessary features and services.

9. Change the default IP address range
By picking a custom IP address range, you can avoid attacks directed at the millions of wireless routers that use the default settings.

10. Enable HTTPS for administrative connections
Not all routers have this feature, but if possible, only allow administrative access over encrypted HTTPS sessions.

11. Disable WPS
Wi-Fi Protected Setup (WPS) provides an easier way to secure and connect to a wireless network. Though widely used on consumer routers, WPS is not secure, so disable it.

Note: You may have trouble disabling WPS. Some routers do not provide an option to disable it, and others have the option but it does not work. This is one of many reasons why you should not depend on a SOHO router for security.

12. *Bonus*
Independent Security Evaluators, sponsor of the hacker contest mentioned above, has two more recommended practices in a related case study: after logging into a router for administration, always (1) log out and restart the device, and (2) clear browser cookies and active logins.

Better Approach: Do not rely on router security

A basic wireless router is not enough to protect your network, so the best approach is to use it as little as possible. How? Use the router only as a wireless access point. Then use a security device like AccessEnforcer to direct and filter traffic on the network. With this approach, the router does not “route” traffic.
It simply provides a wireless connection and allows a security device to handle the rest. That way you do not depend on spotty router security to protect you.

Which three wireless router settings should be disabled for security?
Weak security settings to avoid on your router:
WPA/WPA2 mixed modes. WPA Personal. WEP, including WEP Open, WEP Shared, WEP Transitional Security Network, or Dynamic WEP (WEP with 802.1X)

What security setting is best for a wireless router?
When choosing from among WEP, WPA, WPA2 and WPA3 wireless security protocols, experts agree WPA3 is best for Wi-Fi security. As the most up-to-date wireless encryption protocol, WPA3 is the most secure choice.

What router settings should you change?
Here are 8 settings you need to change on your router before it's even connected to the Internet.
Use WPA2 or WPA3 but not WEP encryption. ...
Disable WPS, UPnP, and NAT-PMP. ...
Disable WAN Administrator Access. ...
Change SSID Name. ...
Change the Default WiFi Password. ...
Make Admin Password Different than the WiFi Password.

What is router security?
Router security, however, involves protecting the network itself by hardening or securing the routers. Specifically, it addresses preventing attackers from: Using routers to gain information about your network for use in an attack (information leakage)
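
The note on step 11 says some routers keep WPS running even after it is switched off in the panel, so it is worth checking what your router actually broadcasts. The sketch below is an added example, not part of the original article: it reads scan text in the layout printed by `iw dev <iface> scan` on Linux (that layout is assumed and the sample is constructed) and flags the weak modes listed above, plus open networks and WPS.

```python
import re

# Constructed sample. Its layout is an assumption, modelled on the text
# printed by `iw dev <iface> scan`; SSIDs and addresses are made up.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: office-main
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:00:02(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: office-legacy
\tWPA:\t * Version: 1
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
BSS 02:00:00:00:00:03(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: printer
BSS 02:00:00:00:00:04(on wlan0)
\tcapability: ESS (0x0001)
\tSSID: guest
"""

def audit_scan(text):
    """Return {ssid: [findings]} for every BSS block in the scan text."""
    report = {}
    # Split before each unindented "BSS " line; [1:] drops any preamble.
    for block in re.split(r"(?m)^(?=BSS )", text)[1:]:
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", block)
        name = ssid.group(1) if ssid else "<hidden>"
        # RSN is the element used by WPA2 and WPA3; WPA is the older one.
        tags = set(re.findall(r"(?m)^\s*(RSN|WPA|WPS):", block))
        cap = re.search(r"(?m)^\s*capability: (.*)$", block)
        privacy = bool(cap and "Privacy" in cap.group(1).split())
        findings = []
        if "WPA" in tags and "RSN" in tags:
            findings.append("WPA/WPA2 mixed mode")
        elif "WPA" in tags:
            findings.append("WPA only")
        elif "RSN" not in tags:
            findings.append("WEP" if privacy else "open network, no password")
        if "WPS" in tags:
            findings.append("WPS still advertised")
        report[name] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN).items():
        print(ssid, "->", ", ".join(findings) or "ok")
```

An empty findings list means the network advertises only the RSN element and no WPS; rerun the check after each firmware update, since settings can revert.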