Since the inception of the internet, routers have been a primary target for cybercriminals. Gaining access to a router remains quite easy for a cybercriminal in most cases, because proper security practices are rarely followed. Once an attacker gains access to your router, he can easily perform a number of activities with your computer. For example:
- He can redirect you to other websites
- He can monitor your activities on the web
- He can block some (or all) websites for you
- And finally, he can even control your computer remotely.
In short, once someone gains access to your router, he gains access to your life. So it’s crucial to ensure the security of your router. Of course, some of the most sophisticated security techniques, like the removal of all wireless SOHO routers, can’t be employed by everyone, but there are also some easy tactics that anyone can employ to increase the security of their router. Those tactics are given below:
- Keep remote management over the internet turned off: A router’s embedded web server often becomes a vulnerability. You should mandate in your corporate security policy that the remote management feature be disabled on every router that connects to your corporate VPN.
- Avoid default IPs: Default IP ranges (which are usually predictable) make CSRF attacks much easier. So instead of using an IP like 192.168.1.1, consider an IP address that’s not predictable (e.g. 10.9.8.7). This is a very simple yet very successful technique for avoiding a CSRF attack.
- Never forget to log out after configuring your router: When you aren’t configuring your router, you shouldn’t be logged in to it. Most routers don’t log you out automatically when the session is idle, which opens the door for CSRF attacks. Although some clever CSRF attacks can be executed successfully without even using the authentication, this simple step can still decrease the likelihood of such attacks.
- Turn off WPS and turn on encryption: Attacking a router becomes much easier if the attacker can connect to it. Instead of using WPS for the security of your router, you should use AES-backed WPA2. Protect it with a strong, 26-character passkey.
- Passwords matter a lot: Never use a default password for your router. They’re often the same for an entire product line. Also avoid weak passwords that relate to your life in some way or that don’t contain a combination of letters, numbers and symbols.
- Keep the firmware of your router up-to-date: Finally, ensure that the firmware of your router is up-to-date. Older firmware versions often fall prey to attackers, while newer ones come with fixes for security vulnerabilities. So check for the latest firmware on a regular basis and update if required.
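
The checklist above can be turned into a repeatable audit. The following is an added example, not part of the original article: the settings keys, the short lists of default IPs and passwords, and both sample configurations are assumptions constructed for illustration.

```python
import string

# Assumed samples of factory values, for illustration; extend for your fleet.
PREDICTABLE_LAN_IPS = {"192.168.0.1", "192.168.1.1", "192.168.1.254", "10.0.0.1"}
DEFAULT_PASSWORDS = {"", "admin", "password", "1234"}


def has_mix(secret):
    """True if the secret combines letters, numbers and symbols."""
    return (any(c.isalpha() for c in secret)
            and any(c.isdigit() for c in secret)
            and any(c in string.punctuation for c in secret))


def audit_router(cfg):
    """Check a settings dict (hypothetical keys) against the checklist above."""
    findings = []
    if cfg.get("remote_management", True):
        findings.append("remote management is enabled")
    if cfg.get("lan_ip") in PREDICTABLE_LAN_IPS:
        findings.append("LAN IP is a predictable default")
    if cfg.get("wps_enabled", True):
        findings.append("WPS is enabled")
    if (cfg.get("wifi_security"), cfg.get("wifi_cipher")) != ("WPA2", "AES"):
        findings.append("Wi-Fi is not WPA2 with AES")
    if len(cfg.get("wifi_passkey", "")) < 26:
        findings.append("Wi-Fi passkey is shorter than 26 characters")
    admin = cfg.get("admin_password", "")
    if admin.lower() in DEFAULT_PASSWORDS or not has_mix(admin):
        findings.append("admin password is default or weak")
    if cfg.get("firmware") != cfg.get("latest_firmware"):
        findings.append("firmware is out of date")
    return findings


# Constructed sample configurations (not taken from any real device).
FACTORY = {"remote_management": True, "lan_ip": "192.168.1.1", "wps_enabled": True,
           "wifi_security": "WPA", "wifi_cipher": "TKIP", "wifi_passkey": "homewifi",
           "admin_password": "admin", "firmware": "1.0.0", "latest_firmware": "1.2.3"}
HARDENED = {"remote_management": False, "lan_ip": "10.9.8.7", "wps_enabled": False,
            "wifi_security": "WPA2", "wifi_cipher": "AES",
            "wifi_passkey": "c0rrect-Horse-battery-staple!",
            "admin_password": "T7#kq9!vLm2$xZ", "firmware": "1.2.3",
            "latest_firmware": "1.2.3"}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_router(cfg) or "no findings")
```

Settings that are missing from the dict for remote management and WPS are treated as enabled, so an incomplete inventory is flagged rather than silently passed.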