Saturday, January 17, 2009

Is your router secure?

The internet has become a staple in the most homes around the country. It is to the point where you might hear non technical persons talking about setting up their router and so for and actually knowing what they are talking about.

One of the biggest issues with this phenomenon is that the companies that sell the equipment for persons to have high speed internet from home do not provide proper instruction on how to keep them safe from the world in general. in the days of dial-up (hope they never come back) there was a degree of safety provided by the ISP. Now we have wireless and wire routers that provide our access (through a modem) to the internet and the protection is not as good. The biggest danger is with wireless routers since there is virtually no to physically barrier others from its communication.

If wireless routers are not setup correctly then it is possible for others to either hijack your router or the communications that you make through it. A devious person could go down to Radio Shack and buy the equipment to be able to scan your communications and steal personal and confidential information from you. It is also possible for someone to be able to do illegal activities from your internet connection which could get you in a lot of trouble. It is possible for these persons to also be able to access your computers and steal your information which can lead to identity theft and other problems.

I do not write this to scare people away from the internet but to scare them to protect themselves from those people who have no morals or ethics. I have friends and family that have all been affected by some of these scenarios all of which could have been prevented if they knew about some of the features that are available in their equipment. The reality is that it is almost impossible to be completely secure from the outside world. What you want to do is make it difficult enough that these persons either do not see it worth their time to get around all that or let them find someone else that an easier target.

I have compiled a list of suggested configuration changes to make on your home routers. Typically most people install their router, go through the wizard and leave all or most of their configuration setting at the default setting. The danger of this is that if someone is trying hack your router they will try all the default for the most common manufacturers.

  • Change the default IP address on your router.
  • Disable wireless broadcasting (if you are using Windows Vista you will need to change a default setting in your wireless network properties. There is a setting called "Connect even if the network is not broadcasting" and it will need to be check or you will not be able to connect after broadcasting is turned off)
  • Setup encryption, WEP, WPA, RADIUS... Something is better than nothing. Each of these different types have benefits and disadvantages and you should research each to determine which is best for you. None of them are completely secure though paired with some of these other tips they will keep you secure enough to prevent all but the most intent hackers.
  • Use a complex passphrash for your encryption key (other languages, words with nubmbers and characters, putting together a phrase and using parts of that phrase to make the passphrase....)
  • Setup the wireless MAC address filter and only allow MAC addresses that you define in the configuration.
  • Turn on the firewall features. I would think that this would be a no brainer though this is actually an option that you can turn off.
  • Set it up to block anonymous requests.
  • Do not open any ports that are not abosolutely necessary. One of the biggest offenders of this is file sharing programs. I hate these applications, they are the bane of safe systems everywhere and are the breeding ground for virus delivery and computer performance problems. I will leave the legal/illegal debate for others. I recommend never using them because they will eventually cause you more problems than good, and they require you to have ports open at all times that increases your risk to the outside world. Also most of the groups that create these applications make them almost impossible to remove them from the computer without having to modify your registry and other things that could also cause problems if you do not know what you are doing.
  • Never configure your router to have a computer in the DMZ unless it is absolutely necessary.
  • Change the defauly password on the router (e.g. on a linksys router the default login is a blank username and the password of admin).
  • If you need to have the remote management feature turned on for the router change the default port.
  • Last but not least is to make sure that you keep up-to-date on any firmware updates for your router. These can be found by going to the manufacuter's website and searching for your router model number.

I hope that some of these tips will be of use to anyone that reads this and it helps to keep you secure from any morons out there that try to take advantage of others.

Happy Computing!

Posted by Unknown at 9:29 PM

1 comment:

  1. karenJanuary 18, 2009 at 8:34 PM

    I think you just need to come over and do it for us. See ya. :)

    ReplyDelete

Subscribe to: Post Comments (Atom)