What is a router?
A router is a physical or sometimes virtual appliance that routes information between two or more packet switched computer networks. A router inspects a data packets destination IP address and calculates what the best way is for the packet to reach said destination and then forwards the packet on. What this means for us is that routers facilitate communication between internal and external networks such as the internet, routers also facilitate both wired and wireless communications making life far easier.
Within a network, packet switching breaks streams of data into smaller blocks of data. Each of these small blocks are then sent independently over a shared network.
Allowing your internal network to access the wealth of resources that the internet has to offer and communicate with those across the globe is a vital component of allowing your organisation to function and go about its day-to-day activities. However, this does unfortunately allow malicious cyber criminals another avenue from which to attack and cause disruption on your network. If a malicious individual was to compromise your router, they could potentially gain access to your network. They could conduct a whole host of attacks, for example a de-authentication attack, a type of Denial-of-service attack interfering with communication between routers and devices. The attacker can deny legitimate device requests to access to the network and even force users to connect to rouge networks they have created monitoring all the data flowing through it. Another example is a man in the middle attack where the attacker secretly intercepts data between two devices and relays the messages to convince the two parties, they are communicating directly with one another. This opens the door to sensitive data falling into the wrong hands! These are not the only attacks that you could be subjected to though and it is imperative that you secure your router to prevent yourself falling victim to cyber criminals.
How can I secure my router?
There are things that you can do to help keep your network safe, this is by no means an exhaustive list and further reading is recommended:
- Change your SSID or hide it: Change your Service Set Identifier, also referred to as your network name or even hide it altogether. This can make it harder for attackers to identify your network, router or even find it. It also increases the security of your network potentially deterring hackers by indicating this is a well-maintained network, not just one using default credentials.
- Change the default password issued with the router: Many routers come out of the box with default credentials issued, cybercriminals can explore a plethora of websites to try and find this information and access the routers admin settings. Changing these credentials will make this process increasingly difficult.
- Create a strong Wi-Fi password and change it often. Creating a strong password and changing it on a regular basis is another good technique to prevent unwanted individuals gaining access to your network.
-Turn on the firewall and wi-fi encryption. This should be enabled by default, but it is important to check and turn them on if not. This can be done by accessing your routers settings.
Create a guest network. It is not uncommon for temporary members of staff or guests to enter your premises and for one reason or another require your WIFI password. For security reasons it is best to create a guest network for such a scenario. This is not to say they will attempt anything nefarious but their devices or anything they download whilst on your network could be infected and leave your network open to attack.
-Keep routers up to date. Keeping your router up to date ensures that you have the best up to date protection against any known vulnerabilities. Set your router to automatically update in the admin settings, if possible, and regularly check to make sure your router is up to date.
Place your router in a central location: if you can, place your router at the centre of your premises. The reason for this is that routers send wireless signals in every different direction, so therefore placing your router in a central location will help keep your connection contained within the confines of your office or home as much as possible. Additionally, this is also conducive for the best connection quality.
Disable remote router access if not necessary. Unless you are accessing your router from an off-site location it is important to disable this feature to prevent an attacker from doing so.
-Disable UPNP. Typically, UPnP doesn’t authenticate devices, assuming that devices trying to connect to it are trustworthy coming from your local network. This means that attackers can potentially find backdoors to enter your network. For example, they can discover your router on the wider network and then pretend to be an Xbox. They will send a UPnP request to your router and the router will open the port – no questions asked.
Upgrade to a WPA3 router if possible. WPA3 is the latest security protocol for routers which new routers should come with by default. However, many people rent their routers directly from their internet service provider, which may not include the most up-to-date equipment. A quick search of your device's model is advisable and should tell you when it came out and any specific features, such as whether it has WPA2 or WPA3. If you've got a router with WPA2, contact your provider and negotiate for a better, more recent router.
Useful links:
How to change your router password:
Access router settings:
Change SSID:
Disable UPNP:
WPA version, how to find it and the differences:
Comments