Skip to main content

Secure Your Wireless Router: 8 Things You Can Do Right Now

Secure Your Wireless Router: 8 Things You Can Do Right Now

A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last.
To protect yourself, you should ensure that your router is configured securely. This is about more than just enabling Wi-Fi encryption

Disable Remote Access

Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you’re on the router’s local network.
However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Even if you set a username and password, if you have a D-Link router affected by this vulnerability, anyone would be able to log in without any credentials. If you have remote access disabled, you’d be safe from people remotely accessing your router and tampering with it.
To do this, open your router’s web interface and look for the “Remote Access,” “Remote Administration,” or “Remote Management” feature. Ensure it’s disabled — it should be disabled by default on most routers, but it’s good to check.

disable-router-remote-access

Update the Firmware

Like our operating systems, web browsers, and every other piece of software we use, router software isn’t perfect. The router’s firmware — essentially the software running on the router — may have security flaws. Router manufacturers may release firmware updates that fix such security holes, although they quickly discontinue support for most routers and move on to the next models.
Unfortunately, most routers don’t have an auto-update feature like Windows and our web browsers do — you have to check your router manufacturer’s website for a firmware update and install it manually via the router’s web interface. Check to be sure your router has the latest available firmware installed.

router-firmware-update

Change Default Login Credentials

Many routers have default login credentials that are fairly obvious, such as the password “admin”. If someone gained access to your router’s web interface through some sort of vulnerability or just by logging onto your Wi-Fi network, it would be easy to log in and tamper with the router’s settings.
To avoid this, change the router’s password to a non-default password that an attacker couldn’t easily guess. Some routers even allow you to change the username you use to log into your router.

change-router-admin-password

Lock Down Wi-Fi Access

 

If someone gains access to your Wi-Fi network, they could attempt to tamper with your router — or just do other bad things like snoop on your local file shares or use your connection to downloaded copyrighted content and get you in trouble. Running an open Wi-Fi network can be dangerous.
To prevent this, ensure your router’s Wi-Fi is secure. This is pretty simple: Set it to use WPA2 encryption and use a reasonably secure passphrase.

with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access.
Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings.
To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do.

Change the Router’s Local IP Address

If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the routeArticle]



Disable UPnP

A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to remotely configure your router. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is fairly insecure for a variety of reasons.
To avoid UPnP-based problems, disable UPnP on your router via its web interface. If you use software that needs ports forwarded — such as a BitTorrent client, game server, or communications program — you’ll have to forward ports on your router without relying on UPnP.

disable-upnp-on-router

Log Out of the Router’s Web Interface When You’re Done Configuring It

Cross site scripting (XSS) flaws have been found in some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access.
Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings.
To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do.

Change the Router’s Local IP Address

If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the router itself were vulnerable and some sort of malicious script in your web browser attempted to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them, the attack would fail.
This step isn’t completely necessary, especially since it wouldn’t protect against local attackers — if someone were on your network or software was running on your PC, they’d be able to determine your router’s IP address and connect to it.

change-router-ip-address


Install Third-Party Firmwares

If you’re really worried about security, you could also install a third-party firmware such as DD-WRT or OpenWRT. You won’t find obscure back doors added by the router’s manufacturer in these alternative firmwares.



Consumer routers are shaping up to be a perfect storm of security problems — they’re not automatically updated with new security patches, they’re connected directly to the Internet, manufacturers quickly stop supporting them, and many consumer routers seem to be full of bad code that leads to UPnP exploits and easy-to-exploit backdoors. It’s smart to take some basic precautions.

Labels:

Comments

Post a Comment

Popular posts from this blog

Session Messenger----Best Secure Messaging App

  Session is fundamentally different than most other secure messaging services. Conversations in Session are secured using  client-side E2E encryption . Only the sender and the recipient of a message can read it. But Session goes beyond providing message security. Session also  protects the identities  of its users. It makes your communications private and anonymous, as well as secure. Session can do this because it  connects users  through a  Tor -like network of thousands of  Service Nodes . Service Nodes are servers that pass messages back and forth through the network as well as provide additional services. The  onion request  system that Session uses to protect messages ensures that no Service Node in the network ever knows both a message’s origin (your IP address) and destination (the recipient’s IP address). This allows you to  hide your IP  by default. Session takes a number of additional steps to protect your identity: No phone number is required for registration No email is r
Post a Comment
Read more

Tiny 11 - A Lightweight Windows 11 that can run on 2GB RAM and requires less harddisk space.

  In terms of Windows 11, its   system requirements   are high since this system requires at least 4GB RAM, 64GB storage space, enabled TPM & Secure Boot, a high CPU (1 GHz or faster with 2 or more cores on a compatible 64-bit processor), etc. compared to any old Windows operating systems. If you have an old or lower-end PC, Windows 11 is not a good option to install since many issues like random crashes, blue screen errors, etc. could appear on the unsupported hardware. Overview of Tiny11 If you want to run Windows 11 on your old computer with low RAM and disk space, Tiny11 appears in public. It is a project from NTDev and Tiny11 is a Windows 11 tiny edition. This edition is based on Windows 11 Pro 22H2 and includes everything you need for a comfortable computing experience since this tool doesn’t have the bloat and clutter of a standard Windows installation. Tiny11 Requirements In terms of Tiny11 requirements, a scant 8GB of storage and just 2GB of RAM are required and Windows 11
Post a Comment
Read more

Linuxfx 10 : A Windows-Like Linux Distro

The idea of Linuxfx is to make it easier for people who are migrating from Windows 7. People who are dissatisfied with the lack of security and stability of Windows 10 are also fit for Linuxfx. LinuxFX Desktop : Apart from Windows-like looks, Linuxfx also has more to offer which a regular user will definitely admire. So, let’s get along with me to know more about Windows alternative Linuxfx. As usual, I started by downloading the ISO image of Linuxfx from the official site  here . Then, instead of dual-booting, I decided to install it on my VirtualBox to play safely. After finishing the basic configuration, as soon as I booted it, I noticed a Windows logo and system integrity check. That’s quite surprising because every Linux distro puts their own or OEM logo on that place. But I think Linuxfx wants to make migrating users feel like home from the beginning. Entering the boot menu, Linuxfx redirected and logged in to a live session. Whoah! it can also detect the system I’m using — anoth
Post a Comment
Read more