on 25-02-2015 02:26 PM
Wireless routers can be a target for cybercriminals. If someone gain control of a router, they can monitor or even tamper with a wide range of online activities.
Here are some tips on how you can improve your router's security.
1. Don’t enable remote management over the Internet
Embedded web servers are the source of many flaws. Your corporate security policy should mandate that routers used to connect to a corporate VPN have remote management features disabled. In situations where it is necessary to manage the router remotely, it is safer to employ NAT rules allowing SSH or VPN access to manage the router. Vulnerability and configuration scanning products and services can be used to determine if employees are connecting through routers with exposed management interfaces.
2. Don’t forget to log out after configuring the router
Some routers will not automatically log out of the admin page when not in use. This can result in a situation whereby the browser used to configure the router remains authenticated. Attackers can easily access it without having to be authenticated.
3. Turn on encryption and turn off WPS
It is much easier for a router to be attacked if someone can connect to it. Turning on AES backed WPA2 protected with a strong (26+ character) pre-shared key is ideal. WPS is a service which makes it easier for authorized clients to connect but also makes it much easier for attackers to determine your wireless passphrase, regardless of its complexity or “strength”.
4. Change the password for your router admin page
Default passwords are often the same for an entire product line or are generated from a common algorithm making a device easy prey for an attacker. It is imperative that you and other users change passwords rather than using defaults. Using default or weak passwords can make it possible for malicious applications, or even web pages, attack the router.
5. Keep the router firmware up-to-date
Up-to-date firmware fixes known product issues, including security problems. Routinely logging into the router to check for firmware updates makes it more likely that users may notice unusual behavior that could indicate compromise.