Securing Your Router
Your router is the box that feeds your high-speed internet connection into your computer. But is it also an open door to hackers, crackers and wifi moochers? Learn how to secure your router…
How to Secure Your Router
Windows tells me there are 13 WiFi routers within range of my adapter right now. Two of them are "unsecured". I could connect to one of them and have free Internet access on my neighbor's nickel. I might be able to browse his or her computer, read email, capture bank account info, etc. If I'm lucky, there's an entire local area network whose computers I can pillage.
Wired routers, such as a cable, FIOS or DSL router, are no more secure than wireless. If I am on the same network as you, I can find your router. If it's unsecured, I can get into your computer and/or local area network. Guess what? The entire Internet is one big, happy network. Anyone in the world can find your router. It behooves you to configure your router so that it is difficult for others to get past it into your computer. I've listed some ways to do that below.
You'll notice that I don't give specific instructions on exactly how to implement each suggestion, and that's because there are so many different types of routers, and every one has a different interface. But the first step in every case is to log in to your router. To find the address of your router, open a Command Prompt, then enter the ipconfig command. The output will look something like this:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . : 192.168.1.1
Look for the "Default Gateway" line, and you'll find the router address there. So in this case, you'd open your browser and enter http://192.168.1.1 in the address box. You should be greeted with a prompt to enter your router's login and password, like the one shown above. If you have trouble getting there, some common router addresses are 192.168.0.1, 192.168.1.1, 192.168.1.100, and 192.168.100.1.
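If you have several network adapters, the "Default Gateway" line shows up once per adapter, and on newer Windows versions the IPv4 address can sit on a continuation line under an IPv6 one. The following Python sketch is an added example, not part of the original article: it reads saved ipconfig text and lists the router login addresses to try. The function names and the extra adapters in the sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the article's output plus a disconnected adapter and a
# dual-stack adapter whose IPv4 gateway is on a continuation line.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : home
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:
   Media State . . . . . . . . . . . : Media disconnected
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 2:
   IPv4 Address. . . . . . . . . . . : 10.0.0.7
   Default Gateway . . . . . . . . . : fe80::1%12
                                       10.0.0.1
"""

def default_gateways(text):
    """Map each adapter name to the IPv4 default gateways listed for it."""
    result, adapter, in_gw = {}, None, False
    for line in text.splitlines():
        header = re.match(r"^(\S.* adapter .+):\s*$", line)
        gw = re.match(r"^\s*Default Gateway[ .]*:\s*(.*)$", line)
        if header:
            adapter, in_gw = header.group(1), False
            result[adapter] = []
            continue
        if gw:
            value, in_gw = gw.group(1), True
        elif in_gw and line.startswith(" "):
            value = line              # continuation of the gateway field
        else:
            in_gw = False
            continue
        try:
            ip = ipaddress.ip_address(value.strip().split("%")[0])
        except ValueError:            # empty value or the next labelled field
            in_gw = gw is not None
            continue
        if adapter is not None and ip.version == 4:
            result[adapter].append(str(ip))
    return result

def admin_urls(text):
    """Router login URLs to try, one per IPv4 gateway found."""
    return ["http://" + g for gws in default_gateways(text).values() for g in gws]

if __name__ == "__main__":
    print(admin_urls(SAMPLE))
```

An adapter with an empty gateway list is not connected to any router, so there is nothing to log in to on that interface.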
Steps to Securing Your Network Router
- Change the default administrator username/password. If I know that router maker X ships all of its routers with the default combo of "admin/password", and you're too lazy to change it, I can get in very easily. Change it to something I can't guess easily, like the name of your first pet and your mother's birth date.
- Turn off Wireless if you don't have any wireless devices. If you have a router with wireless capability, why broadcast a wireless signal if you don't have a laptop, iPod, or mobile device that needs to connect wirelessly? Turn it off, and eliminate the possibility that a clever hacker will find his way into your home network.
- Change the default SSID name. I see that one of the unsecured WiFi routers available to me is named "linksys". I know the vulnerabilities of Linksys routers. If it was named "whargubl" my hacking mission would be harder.
- Turn off broadcasting of the SSID name. This is like taking the street numbers off your house. It won't stop a determined bill collector but it does make your house harder to find for people who have no business there. Write down the SSID name someplace offline, for you will need it to connect wireless devices to your router.
- Use WPA encryption, not WEP. WEP is an old, weak encryption standard that any kid can crack these days. It's a disgrace that many routers still ship with WEP enabled by default, and many users don't realize they should change WEP to the more secure WPA or WPA2. Do not buy any device that requires you to use WEP; there are always alternatives that use real encryption like WPA.
- Reduce wireless power. If your router allows you to turn down the power of its radio signal, do so until it's strong enough to cover your home or office but not broadcasting to an entire square mile.
- Eliminate or reduce use of DHCP. By default, most routers use this method of automatically assigning an IP address to any device that requests one. It's a bit more work to set up a static IP address when you attach a new device to a router, but you can rest assured that only things you allowed can get in. A compromise is to reduce the number of IP addresses that DHCP can assign. If you have ten devices at home or office, you don't need to make 255 IP addresses available to any passersby. Changing these settings is admittedly a bit techie, but if you poke around in the settings, and ask in some forums that deal with network security, you should be able to find out how.
- Turn off ping response. Hackers often use the ping protocol to find routers. It's like dialing phone numbers at random to see if anyone answers. Don't answer.
- Update your firmware. Check the manufacturer's website to see if there is a firmware update available for your router. If so, download and carefully follow the instructions to update your firmware.
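For the DHCP step above, this added Python example (not from the original article) works out a DHCP range sized to the number of devices you own, using the gateway and subnet mask from the ipconfig output, and then checks a lease table against a list of devices you recognize. The function names, the starting offset of 100, the MAC addresses and the lease entries are all constructed for illustration.

```python
import ipaddress

def dhcp_pool(gateway, netmask, devices, first_host=100):
    """Return (start, end) of a DHCP range holding exactly `devices` leases."""
    net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    start = net.network_address + first_host
    end = start + devices - 1
    if devices < 1 or start not in net or end >= net.broadcast_address:
        raise ValueError("pool does not fit inside " + str(net))
    if start <= ipaddress.ip_address(gateway) <= end:
        raise ValueError("pool overlaps the router address")
    return str(start), str(end)

def normalize_mac(mac):
    """Compare MACs regardless of case or Windows-style dashes."""
    return mac.lower().replace("-", ":")

def audit_leases(leases, known_macs, pool):
    """Flag leases from devices you don't recognize or outside the pool."""
    known = {normalize_mac(m) for m in known_macs}
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    findings = []
    for mac, ip, name in leases:
        reasons = []
        if normalize_mac(mac) not in known:
            reasons.append("unknown device")
        if not lo <= ipaddress.ip_address(ip) <= hi:
            reasons.append("outside pool")
        if reasons:
            findings.append((ip, name, reasons))
    return findings

# Constructed data: devices you own, and a lease table copied from a router page.
KNOWN = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]
LEASES = [
    ("02-00-00-00-00-01", "192.168.1.100", "laptop"),
    ("02:00:00:00:00:02", "192.168.1.101", "phone"),
    ("02:00:00:00:00:99", "192.168.1.105", "unknown-host"),
    ("02:00:00:00:00:03", "192.168.1.50", "printer"),
]

if __name__ == "__main__":
    pool = dhcp_pool("192.168.1.1", "255.255.255.0", 10)
    print("DHCP range:", pool)
    for ip, name, reasons in audit_leases(LEASES, KNOWN, pool):
        print(ip, name, ", ".join(reasons))
```

The lease table only lists devices that asked DHCP for an address; a device set up with a static address shows up in the router's attached-devices list instead, so check that list as well.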
Do you have additional tips for securing a router? Post your comments or questions below...
This article was posted by Bob Rankin on 5 Aug 2009
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Securing Your Router (Posted: 5 Aug 2009)