hCybersecurity nowadays requires more (and better)
protective measures than ever before. These measures range from adopting what
are acknowledged as best practices, through helping end-users to stay
well-informed about upcoming threats and how to avoid them, to implementing
internet security technology and keeping it up to date.
In a dynamic environment where threats continually
evolve and new vulnerabilities are identified almost daily, it is necessary to
use the most up-to-date security tools, since they deal with protection
measures for new and ever-shifting attack vectors.
Whether we are speaking about the work, school or
home environment, security must consider and protect all elements that could
become gateways for possible attacks. In this article we will review some
security aspects users should look at in a home network ―particularly those
related to the configuration of its internet-connected router.
1. Conduct router connectivity and
authentication tests
Routers allow administration and configuration
using some ports in the local network; this could be done via Ethernet cable or
wireless connection. Usually you can configure your router via the web, but
routers also allow connections for other services and ports, such as FTP (port
21), SSH (22), Telnet (23), HTTP (80), HTTPS (443), or SMB (139, 445).
In addition to these, there are various other
well-known and well-used services whose default ports are established as
internet standards ―defined by the Internet Assigned Numbers Authority (IANA). Although the blocked port configuration might be set in
your router by default, you can review it to ascertain the status and
configuration settings. In other words, you can enable only the services you
need, disable all others, and block unused ports. Even for remote connections,
except where they are necessary.
The same logic applies to the use of passwords for
management of services. If possible, you should change both (admin) password
and username, so neither is the out-of-the-box default. If the router default
password has not been changed, it could be known to, or easily guessed by,
attackers; if that is the case, they can log into your router and reconfigure
it, or compromise your network.
Also, we advise the use of long and complex
passwords, or a passphrase for these purposes; you can use a password manager
to create and store passwords in a safe place. Therefore, it is important to
review the configuration of services and ports, the user accounts and the
strength of passwords.
2. Perform vulnerability tests on the router
There is another aspect to consider when looking
for weak points in your router settings – tests for routers that can be carried
out using tools that automate tasks such as looking for known vulnerabilities.
This type of tool includes information, options and suggestions on how to solve
these possible problems. Attackers use similar tools to identify
vulnerabilities in your router, so it’s a good idea to use them too, so that
your router is no longer low-hanging fruit.
Some router tests include scanning for port
vulnerabilities, malicious DNS server reputation, default or easy-to-crack
passwords, vulnerable firmware, or malware attacks. Some also include
vulnerability analysis of the router’s web server component, looking for issues
such as cross-site scripting (XSS), code injection or remote code execution.
If you don’t know about these attacks and breaches,
be sure to find a router test (or a group of tests) that does as much as
possible of the hard work for you. While it’s not a complete test, a good way to
start could be with the Connected Home Monitor tool.
3. Verify connected devices in the network
A third aspect of maintaining the proper
functioning and performance of the router and the network is the identification
of connected devices. Sometimes, due to bad practices and the use of vulnerable
protocols, it’s possible for trusted devices to connect without proper
authorization, and also for untrusted devices to connect.
It is therefore a good idea to be aware of and able
to identify all the devices that connect to your router: firstly, to avoid the
consumption of resources by third parties that do so illegitimately and degrade
the network’s performance, and secondly, as a security measure, to prevent your
information from being compromised.
Whether this verification is done through an
automated tool or by manually using the router’s administration options, the
appropriate next step consists of permitting allowed devices only, by using
filters to restrict access to specific IP addresses or MAC addresses only.
To start this activity, the Connected Home Monitor
tool provides an easy-to-access list of connected devices, categorized by
device type (e.g. printer, router, mobile device, and so on), to show what is
connected to your home network. Then, you must make the changes yourself using
your router interface.
4. Update all devices on the home network
The recent news of the vulnerability known as KRACK
(Key Reinstallation AttaCK), which allows the interception of traffic between
devices that connect to an access point in a Wi-Fi network, emphasizes again
the importance of updates.
For an attack to take advantage of this
vulnerability, its perpetrator would normally have to be near the intended
victim’s Wi-Fi network. Success would allow the attacker to spy on
communications or install malware. We always recommend updating all devices
connected to your network (like computers, smartphones or tablets), once the
manufacturers publish the security patches that address the vulnerability; also
install the updates to the firmware of the routers, as soon as patches are
available.
Other practices, such as configuring computers for
“Public Network” mode, increase the security level of the device compared to
the “Private/Home” network mode, because it lessens the risk of attack across
trusted devices. We would like to stress that the most essential thing to do is
to keep computers and devices updated.
5. Enable security options
A fifth desirable practice is to enable the
security options that are available in the configuration of the router, which
vary depending on the model and type of device. Regardless of the router model
used in your home network, we advise that you enable security options that are
designed to offer more protection of your devices and the network.
For example, some recent routers include
configuration options that allow increased protection against known Denial of Service (DoS) attacks, such as SYN Flooding, ICMP
Echo, ICMP Redirection, Local Area Network Denial (LAND), Smurf and WinNuke. If
enabling these options prevents your router and network performing properly,
selectively disable them to improve performance.
The protection of information – a
never-ending task
We have just touched lightly on five practices that
help to improve security levels. It’s important to review the settings of your
router and to change them, as needed, to contribute to the overall protection
of the network, router, devices and, of course, your data; doing so will help
block many of the entry points used by currently prevalent cybersecurity
threats.
