Many consumers are unaware that their internet routers are among the most critical technological gadgets in their houses, along with home security cameras, home alarm systems, and wireless security cameras. Routers link the devices together and also to the world out there, giving the hackers a highly advantaged position that they frequently seek to compromise.
The number of botnets made of hijacked routers has grown in recent years. These botnets have been utilized by criminals and sophisticated state-sponsored attackers to wage assaults against businesses and organizations. Unfortunately, many consumer and small-business routers ship with insecure default configurations, undocumented backdoor accounts, legacy services exposed, and software rife with fundamental defects. Some of these issues are beyond the control of users, but they can take steps to secure these devices from large-scale, automated attacks.
Don’t make your router a tempting target for hackers.
Change the default administrator password.
Many routers ship with default administrator passwords just like the wireless security cameras, home alarm systems, and attackers continually attempt to access equipment using these well-known credentials. After connecting to the router’s administration interface for the first time using your browser — the address should be the default IP address of the router, which can be located on the router’s bottom sticker or in the set-up instructions. Make it a point to update the password first.
If HTTPS access to the router interface is available, enable it.
When your management work is complete, always log out. Then, when interacting with the router, use the browser in incognito or private mode to ensure that no session cookies are left behind and never enable the browser to remember the router’s login and password.
Change the default LAN IP address that comes with the router.
Routers will most certainly be allocated the first address in a preset net-block, such as 192.168.0.1. If you’re given a choice, alter it to 192.168.0.99 or something else that’s easy to remember and isn’t in the DHCP pool. The router’s full net-block can also be changed to a non-default one, such as 192.168.10.x instead of 192.168.0.x. This prevents CSRF (CrossSite Request Forgery) attacks, which hijack users’ browsers when they visit malicious websites and attempt to access routers through them by utilizing the default IP addresses usually allocated to such devices.
Use a DNS service provider that focuses on security.
By default, your router will be set to forward Domain Name System (DNS) queries to your ISP, implying that you must rely on your ISP to provide a secure DNS lookup service. Because DNS serves as the internet’s phone book, discovering the IP addresses of the websites you want to visit, hackers frequently use it to guide visitors to malicious websites in a discreet manner. Companies such as Google, Cloudflare, OpenDNS (Cisco), and others provide publicly available DNS resolvers focused on security and even have encrypted versions.
Choose a complicated Wi-Fi password and a robust security protocol
such as WPA2 (Wi-Fi Protected Access II) or the newer WPA3, as previous WPA and WEP versions are vulnerable to brute-force assaults. Create a guest wireless network secured with WPA2 or WPA3 and a strong password if your router supports it. Instead of your primary network, use this separate guest network for guests and friends. These people may not have criminal intent, but their machines may have been infiltrated or infected with malware before visiting your network.
Turn off WPS (Wi-Fi Protected Setup)
This is a seldom-used feature to make it easier for users to establish Wi-Fi networks, often by entering a PIN printed on a sticker. However, years ago, severe weakness in several vendor implementations of WPS was discovered, allowing hackers to breach into networks. Because determining whether individual router models and software versions are susceptible is difficult, it’s recommended to disable this function if feasible. Instead, use the router’s web-based administration interface to set up Wi-Fi with WPA2 and a specific password – no WPS required.
Limit the number of internet services to which your router has access.
This is especially true if you haven’t enabled those services and have no idea what they do. Telnet, Universal Plug and Play, SSH (Secure Shell), and HNAP (Home Network Administration Protocol) services should not be accessible through the internet since they offer significant security hazards. They should also be disabled on the local network if required.
Keep the firmware on your router up to date.
Some routers enable you to check for firmware upgrades through the administration interface, and a few even provide automated updates. However, due to changes made to the manufacturer’s servers over time, these checks may sometimes be broken. Therefore, it’s an excellent idea to frequently check the vendor’s support page for updates for your router model. These updates must be manually downloaded and flashed through the router’s web-based management interface.
Increase the lifespan of your router.
Routers, unlike smartphones, are not something that people replace every two years. However, router manufacturers are not explicit about the projected support life of their devices or the frequency of firmware upgrades. As a result, customers end up purchasing a model that has been there for a long time and has already gone out of service or is about to! Furthermore, a no longer supported router is unlikely to get any security fixes, especially those of severe vulnerabilities.
Conclusion
- Remember to perform proper cyber-security hygiene to keep your home router secure
- Maintain software updates and enable automatic upgrades. Patches and new versions for operating systems and apps are frequently published to address security flaws.
- Protect your devices with lengthy, difficult-to-guess passwords that are all unique. A password administrator can assist you with this.
- Ascertain that your gadgets are well-protected by comprehensive antivirus software.