
OVERVIEW
The number of Internet-connected computers in modern society has grown significantly. Our society relies on this connectivity for many purposes, including social networking, checking mail, research work, business from home, school work, etc. To provide this connectivity, Internet Service Providers (ISPs) supply routers, which most of the time are wireless routers. These wireless routers have become common household objects in our current society.
To make things easier for the end user, these routers are provided with pre-configured settings and with less concern for security. This may be done to make the ISP's work easier, and end users are also reluctant to spend time on advanced settings to secure their router.
Usually your Internet-connected router is always on and runs with default settings that are not very secure. This leaves an opening for malicious attackers to invade your home or office network. The following steps will enhance the security of your router and help decrease the attack surface.
Change the Default Login Username and Password:
The router comes with a default administrator user name and password set by the manufacturer. These default usernames and passwords are readily available on the Internet and in user instruction manuals.
As a precaution, the user name and password should be changed immediately during the initial installation.
A strong password of 8 or more characters with a combination of letters, numbers and symbols must be used, and it is advisable to change it every month.
Turn Off the Router When Not in Use
This is the strongest preventive method. While it may be impractical to frequently turn the devices off and on, at least consider doing so during extended periods of absence.
Limit WLAN Coverage
Your WLAN has no physical boundaries; therefore, if an attacker is within range of the wireless signals, your network is in danger. In the router configuration settings you can limit the coverage to only the areas needed by adjusting the signal strength.
Change the Default SSID
A Service Set Identifier (SSID) is a unique name that identifies a particular Wireless LAN (WLAN). Don't use the default name, your location or any personal references for the SSID, as this will help an attacker identify the device and plan to exploit the vulnerabilities associated with that device.
Configure WPA2-AES for Data Confidentiality
Wired Equivalent Privacy (WEP) is no longer a secure protocol, as serious security flaws have been found in it. Use WPA and WPA2, which provide strong authentication and encryption using dynamically changing keys. Use a long and complicated pre-shared key if you are using WPA-PSK mode.
Disable Universal Plug and Play (UPnP)
UPnP is a convenient feature that allows networked devices to seamlessly discover each other on the network and establish communication, but it is also a security hazard. For example, malware within your network could use UPnP to open a hole in your router firewall to let intruders in. Therefore UPnP should be disabled when not needed.
Use Static IP Addresses or Limit DHCP Reserved Addresses if Possible
By configuring a suitable subnet mask you can limit the number of computers which can connect to the wireless network.
Enable Router Firewall
Most home routers include an internal firewall feature. Ensure this feature is activated and carefully configured to allow only authorized users and services access to the network.
Use MAC Address Filtering
This feature in your router configuration lets you whitelist the approved devices which can connect to the wireless network.
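The steps above can be checked automatically against a saved copy of a router's settings. The following Python code is an added example, not part of the original article; the setting names, the lists of factory defaults and the thresholds (14 hosts, 20-character key) are assumptions and do not match any particular router's configuration format.

```python
import ipaddress
import re

# Illustrative, non-exhaustive lists of factory defaults (assumptions).
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
DEFAULT_SSID_PREFIXES = ("linksys", "netgear", "dlink", "default")

def strong(pw):
    """The article's rule: 8+ characters mixing letters, numbers and symbols."""
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def audit(cfg, max_hosts=14, min_psk_len=20):
    """Return the checklist items that cfg fails (thresholds are assumptions)."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_LOGINS:
        findings.append("default admin login")
    if not strong(cfg["admin_password"]):
        findings.append("weak admin password")
    if cfg["ssid"].lower().startswith(DEFAULT_SSID_PREFIXES):
        findings.append("default SSID")
    if cfg["encryption"] in ("NONE", "WEP"):
        findings.append("WEP or open network")
    elif len(cfg["psk"]) < min_psk_len:
        findings.append("short pre-shared key")
    if cfg["upnp"]:
        findings.append("UPnP enabled")
    if not cfg["firewall"]:
        findings.append("firewall disabled")
    if not cfg["mac_filter"]:
        findings.append("MAC filtering disabled")
    # Usable hosts = addresses in the subnet minus network and broadcast.
    hosts = ipaddress.ip_network(cfg["subnet"]).num_addresses - 2
    if hosts > max_hosts:
        findings.append(f"subnet allows {hosts} hosts")
    return findings

# Constructed sample settings: factory-style values beside hardened ones.
WEAK = {"admin_user": "admin", "admin_password": "admin", "ssid": "linksys",
        "encryption": "WEP", "psk": "", "upnp": True, "firewall": False,
        "mac_filter": False, "subnet": "192.168.1.0/24"}
HARDENED = {"admin_user": "rtr-owner", "admin_password": "v7#Kq!2mLz@9",
            "ssid": "blue-kettle", "encryption": "WPA2-AES",
            "psk": "correct-horse-battery-staple-41!", "upnp": False,
            "firewall": True, "mac_filter": True, "subnet": "192.168.1.0/28"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```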