Almost everything you read or hear about routers includes a sentence or two about router security. The focus is generally on this essential piece of hardware as the first line of defense in an internet-connected world. Many medium-sized companies and large corporations take this into account when they purchase and set up their network infrastructure.
They tend to be in a financial position that allows them to buy top-shelf equipment, including the best wireless router. In addition, these companies normally have individuals on staff whose daily tasks include making sure IT systems are secure. This task covers a number of important facets, one of which involves making necessary changes to router settings and updating firmware.
Unfortunately, the non-professional who relies on wireless networks and must maintain a reliable Internet connection and some control over his or her data doesn’t always have the funds or the expertise to properly secure a home system.
DIFFERENT LEVELS OF SECURITY
No system is completely hacker-proof, so the appropriate level of effort to secure it depends on how attractive a target it is. If the router is part of a system providing limited services, such as personal email and online information searches, security may not be a top priority. Free WiFi, anyone? In this case, security is sort of assumed to be implemented at the device- instead of the network-level.
THE AVERAGE HOME OR SMALL BUSINESS NETWORK
A network that is used to access online banking or shopping does indeed have to be secured. This is certainly the case with someone who is a professional working from home and relying on an uninterrupted, and uncorrupted, connection to the rest of the world. Security is more important in this case, of course, but hacking is generally not a major issue.
Enabling WPA2 encryption, choosing a non-trivial password, and changing the SSID (network name) to something unique, which also affects the strength of the encryption, will generally be sufficient. This may seem basic to those with more experience, but it will be of great importance to the home user.
EVALUATING YOUR SECURITY
All of these individuals, whether using the internet for amateur or professional purposes, will benefit from having the best wireless router they can afford. This can be a serious issue in a retail market where routers are often designed and bought based on price alone.
Studies have shown that many of the popular wireless routers found on retailers’ shelves are vulnerable to a hacker with only mediocre skills. In this study, research personnel found that 85 percent of tested home networks were vulnerable, with an average of 1.8 vulnerabilities per network. Frighteningly, gathering these results relied on easily available software tools, and the vulnerabilities mentioned could easily be fixed or worked around.
This software is called RouterCheck, and though it runs as an Android app, it communicates with a server in the cloud, so it sees the same avenues of attack a hacker would. Using this tool to check your own home or business network for security is not difficult, and it will even suggest remedial measures. The most common flaws found in this study were WPS-enabled ping requests being responded to from the router’s IP and, unsurprisingly, weak admin passwords.
NEXT STEPS
One of the basic measures involves turning on the router’s firewall. While this is common knowledge among corporate tech professionals and knowledgeable semi-professionals working from home, it is sometimes overlooked by the end user working at home.
Next, if your router allows admin logins via wireless, this should be disabled. It’s far more difficult for a hacker to gain access to a wired port than park across the street from your building. Also, disable WPS – it really makes life no easier while potentially leaving a gaping hole in your network.
You may also want to look into establishing a virtual private network (VPN). This was much more expensive in years past, and it was only used by some of the more successful corporations. However, it is possible to have your own VPN today for a small fee paid monthly. When shopping for a quality router, find out if it supports personal VPN at router level. You may be able to gain protection without setting up VPN software on a computer. This of course assumes that the WiFi side is secure.
Buying a top-shelf router with plenty of features is one of the keys to success in making a router more difficult to hack. But a newly released model hasn’t yet been exposed to third-party security testing, and its firmware is probably still a work in progress. It is far better to pick a model that’s been on the market for a few months and doesn’t have reams of CVE entries.
But if you want to take security to the next level, you may want to consider using open-source firmware for your router. Router manufacturers often take an unacceptably long time to produce updates for security issues and fail to publicize them when they’re released. Experience shows that open-source products are generally more secure than the stock software that comes with a router off the shelf. On the downside, installing third-party firmware is not something unskilled users should attempt, and the firmware itself is often buggy.
You don’t have to be an electronics wizard or a computer expert to shore up your first line of defense – the wireless router. Follow these few simple steps, and if you’re still not sure, ask a knowledgeable friend for assistance. It’s that important.
Source: https://www.tripwire.com