Earlier this year I was forced to buy a new router
for my home. As it is, with so many devices to connect, the old TP Link no
longer provided me with what I needed. Two computers, three cell phones, video
game console, TV, Chromecast, stereo, smart lights, thermostat, smartwatch…
There are 13 computers permanently connected in 50 square meters, regardless of
when guests come and the first thing they ask for is the key to Wi-Fi.
After several sittings to analyze the
characteristics of many devices, I decided on the OnHub router from Google,
since it is a computer built for the Internet of Things and besides supporting more than 30
connected devices simultaneous , is considered one of the safer products on the
market.
In fact, the router is the first device that you
must consider when thinking about securing your connections — since it not only
controls the perimeter of your network, but all your traffic and information
pass through it. Nowadays, most of these devices have a wide variety of
functions, tools and configurations, which not only increase their potential,
but also increase the risk that they might become compromised. So, whatever
model you have in your house, take a few minutes to analyze its operation and
be sure to check these five key points in your configuration.
# 1 Change the password for your router
It seems untrue that in 2017 this advice is still
the first on the list, but the truth is that many users still do not change the
password of their computers when installing them at home. Without going any
further, just over a month ago, an investigation by Hold Security found that an
internal Equifax portal could easily be compromised by using
credentials default.
These credentials are on almost every device and
can be found easily by doing a search on the internet. So you should change both
the user and the key and try to use strong and unique passwords.
# 2 Divide and triumph: separate devices
Most of the modern Internet routers of Things allow
you to create different networks for different purposes. A good practice is to
take advantage of this function and create separate networks, so as to expose
as little as possible when using the most sensitive devices.
In addition, many current routers also have
firewall which allows you to analyze the incoming and outgoing traffic of the
device and determine which connections are allowed and which are not. From
these features you can, for example, separate all sensitive devices such as
surveillance cameras, storage devices, environmental controls (such as lights
or thermostats), etc. from the rest of the devices such as computers or
cellular. You can also choose which devices you want to share when you have
guests at home and which ones remain isolated, or separate your children’s game
consoles and computers from the rest of the network.
This way, your most important computers will be
protected in case of any unauthorized access or if a malware infection occurs.
# 3 Disable services and features you do not
use
Unless you know specifically what each router’s
functionality is for, disable all that is not in use. From a simple scanning
technique you can determine which ports and services are open. These can be
accessed from the outside and leave an open door for an attacker or a curious
neighbor. In addition, many of these services may have vulnerabilities that an
attacker can take advantage of to gain access to the network.
According to a recent ESET survey late last year, more than 20% of home
routing devices have remote management services enabled on non-secure protocols
such as Telnet or HTTP.
If you do not need to access your router from
outside your home, it is better to disable remote administration, control the
administration services over secure protocols such as SSH or HTTPS and disable
any other functionality that you do not use.
This tip also applies to all devices that connect
to the router. Turn off the camera, microphone, or other components that you do
not use on all your devices to avoid exposing them. In fact, it is so common
for many users to leave these services enabled or not properly configured, that
the search engine Shodan has indexed more than nine thousand webcams and seven
thousand routers with default credentials.
# 4 Audit your devices and connections
Do you know how many devices are connected to your
network? Can you easily identify them? This is key when it comes to detecting
intrusions or strange behavior.
Although it seems like a tedious and complicated
activity, the reality is that many routers facilitate the identification of the
connected equipment since, instead of using difficult-to-understand
nomenclatures like the MAC addresses, they allow you to create personalized
names for each device. In these cases, it is advisable to take a few minutes to
identify the equipment and then be able to recognize them more easily.
It is not too important to do a count every so
often and to check what equipment is in your network, such as the TV, the game
console, security cameras, smart devices, etc. It is also worth noting that you
can also check the configurations of these computers and ensure that there are
no default options or updates pending installation.
# 5 Update the firmware of your devices
All hardware equipment has an operating system,
which is known as firmware; and, like any other system, must be updated to correct potential bugs and vulnerabilities.
In fact, finding vulnerabilities in router firmware and other hardware is much
more common than it appears. Just a few months ago, a vulnerability reported on NetGear routers allowed it to steal
access credentials and take control of the device.
The main difference between the firmware of most
routers and the operating system of your computer or cell phone is that, in the
latter, the updates are usually automatic. That is, they are downloaded and
installed without requiring user interaction. In the case of network equipment,
like most IoT devices, firmware updates are not automatic, but the user must
download and install the new version.
While this can be a bit tedious for users without
an abundance of technical skills, the truth is that it is not as difficult as
it seems. Most devices have a graphical administration interface, in which you
will surely find a section with information about the device. Once you find the
model of your router and the firmware version installed, simply go to the
provider’s website and check if there is an updated version to install. Many
devices already include the update function directly in your management
console, which is very useful for reviewing and installing updates.
Now you know that it is worth investing a few minutes
in the configuration of your router and the devices connected to your network.
Do not be afraid to investigate the functionalities of your computer, disable
the ones you do not use, configure the protection measures and be aware of the
connected devices. Most of the current devices come with friendly graphical
interfaces so that in a few minutes you are more protected.