Securing Your Router
Your router is the box that feeds your high-speed internet connection into your computer. But is it also an open door to hackers, crackers and wifi moochers? Learn how to secure your router… |
How to Secure Your Router
Windows tells me there are 13 WiFi routers within range of my adapter right now. Two of them are "unsecured". I could connect to one of them and have free Internet access on my neighbor's nickel. I might be able to browse his or her computer, read email, capture bank account info, etc. If I'm lucky, there's an entire local area network whose computers I can pillage.
Wired routers, such as a cable, FIOS or DSL router, are no more secure than wireless. If I am on the same network as you, I can find your router. If it's unsecured, I can get into your computer and/or local area network. Guess what? The entire Internet is one big, happy network. Anyone in the world can find your router. It behooves you to configure your router so that it is difficult for others to get past it into your computer. I've listed some ways to do that below.
You'll notice that I don't give specific instructions on exactly how to implement each suggestion, and that's because there are so many different types of routers, and every one has a different interface. But the first step in every case is to login to your router. To find the address of your router, open a Command Prompt, then enter the ipconfig command. The output will look something like this:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . : 192.168.1.1
Look for the "Default Gateway" line, and you'll find the router address there. So in this case, you'd open your browser and enter http://192.168.1.1 in the address box. You should be greeted with a prompt to enter your router's login and password, like the one shown above. If you have trouble getting there, some common router addresses are 192.168.0.1, 192.168.1.1, 192.168.1.100, and 192.168.100.1.
Steps to Securing Your Network Router
- Change the default administrator username/password. If I know that router maker X ships all of its routers with the default combo of "admin/password", and you're too lazy to change it, I can get in very easily. Change it to something I can't guess easily, like the name of your first pet and your mother's birth date.
- Turn off Wireless if you don't have any wireless devices. If you have a router with wireless capability, why broadcast a wireless signal if you don't have a laptop, iPod, or mobile device that needs to connect wirelessly? Turn it off, and eliminate the possibility that a clever hacker will find his way in to your home network.
- Change the default SSID name. I see that one of the unsecured WiFi routers available to me is named "linksys". I know the vulnerabilities of Linksys routers. If it was named "whargubl" my hacking mission would be harder.
- Turn off broadcasting of the SSID name. This is like taking the street numbers off your house. It won't stop a determined bill collector but it does make your house harder to find for people who have no business there. Write down the SSID name someplace offline, for you will need it to connect wireless devices to your router.
- Use WPA encryption, not WEP. WEP is an old , weak encryption standard that any kid can crack these days. It's a disgrace that many routers still ship with WEP enabled by default, and many users don't realize they should change WEP to the more secure WPA or WPA2. Do not buy any device that requires you to use WEP; there are always alternatives that use real encryption like WPA.
- Reduce wireless power. If your router allows you to turn down the power of its radio signal, do so until it's strong enough to cover your home or office but not broadcasting to an entire square mile.
- Eliminate or reduce use of DHCP. By default, most routers use this method of automatically assigning an IP address to any device that requests one. It's a bit more work to set up a static IP address when you attach a new device to a router, but you can rest assured that only things you allowed can get in. A compromise is to reduce the number of IP addresses that DHCP can assign. If you have ten devices at home or office, you don't need to make 255 IP addresses available to any passersby. Changing these settings is admittedly a bit techie, but if you poke around in the settings, and ask in some forums that deal with netwotk security, you should be able to find out how.
- Turn off ping response. Hackers often use the ping protocol to find routers. It's like dialing phone numbers at random to see if anyone answers. Don't answer.
- Update your firmware. Check the manufacturer's website to see if there is a firmware update available for your router. If so, download and carefully follow the instructions to update your firmware.
Do you have additional tips for securing a router? Post your comments or questions below...
This article was posted by Bob Rankin on 5 Aug 2009
For Fun: Buy Bob a Snickers. |
Prev Article: Hard Drive Backup Image |
The Top Twenty |
Next Article: Music For The Blackberry |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Securing Your Router (Posted: 5 Aug 2009)
Source: https://askbobrankin.com/securing_your_router.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Securing Your Router"
Posted by:
Bob Rodgers
05 Aug 2009
I have turned on MAC filters on my wireless access point/router. This should allow only *specific* computers to enter wirelessly. I think this makes me more secure, but I'd value other opinions.
Posted by:
leon dombroski
05 Aug 2009
i know what a 'ping' is in sonar,but what is it in internet?
EDITOR'S NOTE: Pretty much the same thing... it's a command you can use to send an "are you there?" packet to another server on the Internet. The remote server will respond if it's running. You can do it from the command prompt. Enter "ping yahoo.com" for example.
Posted by:
leon dombroski
05 Aug 2009
wow! are you fast! after my 'ping' post,i went to connect to my router,but windows says that it cannot display the webpage. it says that my default # is not set up to establish a connection on port ""world wide web service http" with this computer....a brand new dell inspiron. what now?? (your so fast i think i'll leave it here for your reply)
Posted by:
leon dombroski
05 Aug 2009
strike two,bob! i opened my command prompt and put in "pingyahoo.com" and it said it did not reconize it as being any type of command at all.i tried it a few different ways,all with the same rejection. has someone been buying you two many snickers bars, or am i just kinda on the edge of the twilight zone?
EDITOR'S NOTE: Add a space between the "ping" and the "yahoo".
Posted by:
Chris Rogers
06 Aug 2009
The ping command isn't as useful as it used to be as many server managers have now turned off their ping responder. For instance, "ping www.microsoft.com" will get a response along the lines of "pinging 207.46.192.254 with 32 bytes of data", followed by "Request timed out" four times.
So you need to know which hosts you can reliably ping when troubleshooting a connection problem.
Posted by:
larjo
06 Aug 2009
After I receive the login box, if I enter a password and check "Remember my password", I am returned to the same box. If I don't check "Remember my password", I am sent to a window that says "401 Authorization needed". I am the administrator. What should I do next?
EDITOR'S NOTE: I'm pretty sure that means the user/password was incorrect. Note that your router's login info is NOT the same as your Windows login.
Posted by:
Lane
12 Aug 2009
The same as Bob Rodgers, I use MAC filtering for security. With the variety of systems on my home LAN, WPA was a big headache. I see no reason MAC filtering would not be secure, since it allows only specific computers to connect.
Posted by:
mystified
12 Aug 2009
I have learned a lot from your tips. I don't know how to do most of what you just described. A friend setup my wireless router and I love the mobility of a laptop. However, it is not secure. Iam afraid to attempt, really don't know how to attempt, what you descibe because I am afraid I will mess up something.
Isn't there a simple software program that will take one through the steps and do this for us? If not, maybe you could develop one and make some money.
EDITOR'S NOTE: Like I said, there are many different routers and different admin interfaces. But you won't break anything just by logging in and poking around. Most of the items I mentioned are pretty easy to find and change if you explore the options in your router's admin interface.
Posted by:
C
12 Aug 2009
I wish I had gone to your school to learn about router security. Looks like I need to visit the local library cuz I just can't follow your instructions. Duh.
Posted by:
SarahL
12 Aug 2009
Bob Rodgers:
Yes, limiting wireless connections by MAC address is a great way to help secure your router. You are effectively shutting out any computer or device that is not listed in the table.
larjo:
Are you connecting to your router, or you DSL/Cable box? Most DSL/Cable boxes that are connected between the wall and the router will use the same address as the router, so insure that you are connecting to your router, not the DSL/Cable modem.
Also, make sure that you are using a WIRED connection anytime you are changing network settings - for safety. Connect the computer you are using to make admin changes to your router directly with a hard cable - do not use a wireless connection, especially for "flashing" an update to the router's firmware.
Finally, most routers can be "factory reset" if you lose track of your password/user name. The manufacturer's website should have specific instructions. Be sure to check your model name/numbers; using the wrong method can spork your router.
Happy Surfing! :)
Posted by:
rocketmouse
12 Aug 2009
Lest someone think router access depends on Windows, it doesn't. You can just as easily be on a Mac, or use Linux, or any other OS for that matter. You do, however, need to use a browser, any browser, to reliably get in to the router and change things. (And even that statement may be up for debate.) IPconfig is only for Windows as far as I know.
Posted by:
Jim
12 Aug 2009
You forgot the most important one! Make sure remote administrator access is turned off! If you must have remote access enabled, change the port number to a random number and use a strong password for access.
Posted by:
LeRoy Laycock
05 Apr 2012
I don't know my "UserName/Password" as noted in this context. How do I get it?
EDITOR'S NOTE: The default (factory supplied) password is blank, "admin" or "password" on many manufacturers' routers. Lists of default administrator passwords for hundreds of popular wireless routers are readily available here: http://www.routerpasswords.com/
But more likely, your ISP set the username and password when they installed your router. Ask them for this info if it's not printed somewhere on your router.
Posted by:
A R Duncan-Jones
22 May 2012
Managed to miss this first time round, very glad to have caught up.Thanks again, Bob, you do an amazing job. This is not a comment but a question, but you said it would more likely get answered if I put it here. How do I find my MAC filters (if I have any) and what do I do with them please ?
EDITOR'S NOTE: You'd have to login to your router, and look around in the wireless settings. The setup screens are different for every brand of router. But if you don't remember creating any, why are you concerned?
Posted by:
Theocat0
27 Aug 2014
I tried running ipconfig but after I run the dos screen opens for a split second (much too fast to read)? What's going on?
EDITOR'S NOTE: Open a command prompt (CMD.EXE) first, then run IPCONFIG.