CyberWisdom Safe Harbor Commentary on configuring a router securely:
Five ways to make sure your router is configured securely
1. Run router connectivity and authentication tests
Recently, we posted information at WeLiveSecurity.com on how to protect your home router against Internet of Things threats. Now let’s review other highlights of router management and configuration, especially about ports and services.
Routers allow management and configuration through some of the ports in the local network; this can be done via an Ethernet cable or a wireless connection. Normally you configure your router over the web, but the router also allows connections through other services and ports such as FTP (port 21), SSH (22), Telnet (23), HTTP (80), HTTPS (443) or SMB (139, 445).
In addition to these, there are various other well-known and widely used services whose default ports are set as Internet standards by the Internet Assigned Numbers Authority (IANA). Although a blocked-port configuration may be set in the router by default, you can review it to determine its status and configuration settings. In other words, you can enable only the services you need, disable all other services, and block unused ports. The same goes for remote connections, unless they are necessary.
The same logic applies to the passwords used to manage services. If possible, you should change both the (admin) password and the username so that neither is the out-of-the-box default. If the router’s default password has not been changed, attackers may know it or easily guess it; if that’s the case, they can log in to your router and reconfigure it or compromise the network.
In addition, we recommend using long, complex passwords or passphrases for these purposes; you can use a password manager to create and store passwords in a secure place. Therefore, recheck the service and port configuration, the user accounts, and the password strength.
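One way to recheck the service and port configuration from a computer on the home network, as an added example that is not part of the original article. It tries a TCP connection to each management port listed above and reports the ones that answer; the address 192.168.1.1 is an assumption standing in for your own router's LAN address, and the advice strings are the example's own wording.

```python
import socket

# Management services and default ports named in the article, each with a
# short note on what to do if the port is found listening on the router.
MGMT_PORTS = {
    21: ("FTP", "cleartext login; disable unless needed"),
    22: ("SSH", "encrypted; keep only if you use it"),
    23: ("Telnet", "cleartext login; disable unless needed"),
    80: ("HTTP", "cleartext admin page; prefer HTTPS"),
    139: ("SMB", "file sharing; disable unless needed"),
    443: ("HTTPS", "encrypted admin page; check the password"),
    445: ("SMB", "file sharing; disable unless needed"),
}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, timed out or unreachable
        return False


def audit_router(host, ports=MGMT_PORTS, timeout=1.0):
    """Return (port, service, advice) for every listed port that accepts connections."""
    findings = []
    for port in sorted(ports):
        service, advice = ports[port]
        if is_open(host, port, timeout):
            findings.append((port, service, advice))
    return findings


if __name__ == "__main__":
    ROUTER = "192.168.1.1"  # assumption: replace with your own router's LAN address
    results = audit_router(ROUTER)
    for port, service, advice in results:
        print(f"{port:>5}/tcp  {service:<7} open  -> {advice}")
    if not results:
        print("No listed management port answered from this network segment.")
```

A port that is open from the LAN side is not necessarily reachable from the Internet; the router's remote-management setting controls that separately.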
2. Perform a vulnerability test on the router
There is another aspect to consider when looking for weaknesses in your router setup: you can test the router with tools that automate tasks such as looking for known vulnerabilities. This type of tool includes information, options, and advice on how to resolve the problems it finds. Attackers use similar tools to identify vulnerabilities in routers, so it’s a good idea to use them too, so that your router is no longer an easy target.
Some router tests include scanning for port vulnerabilities, malicious DNS server reputation, default or easy-to-crack passwords, vulnerable firmware, or malware attacks. Some also include vulnerability analysis of the router’s web server components, finding issues such as cross-site scripting (XSS), code injection, or remote code execution.
If you are not familiar with these attacks and irregularities, be sure to find a router test (or a set of tests) that does as much of the work for you as possible. Although it is not a complete test, a good way to get started is with the Connected Home Monitor tool.
3. Verify the connected devices in the network
A third aspect of maintaining the normal operation and performance of routers and networks is the identification of connected devices. Occasionally, because of bad practices and the use of vulnerable protocols, devices, whether trusted or not, may connect without proper authorization.
Therefore, it is a good idea to know and be able to identify all the devices connected to the router: first, to prevent third parties from using resources without authorization and degrading network performance; second, as a security measure to keep your information from being compromised.
This verification is done either through automated tools or manually through the router’s management options. The next steps in the right direction are to permit only allowed devices and to use filters that restrict access to specific IP addresses or MAC addresses.
To begin this activity, the Connected Home Monitor tool provides an easy-to-access list of connected devices, sorted by device type, such as printers, routers, mobile devices, etc., to show what is connected to your home network. Then you must make the changes yourself using the router interface.
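The manual version of this check, as an added example that is not part of the original article: it parses a neighbour table in the format printed by the Linux `ip neigh show` command and lists every device whose MAC address is missing from an allow-list. The sample table and the allow-list are constructed for illustration.

```python
import re

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.10 dev wlan0 lladdr 3C:5A:B4:11:22:33 REACHABLE
192.168.1.23 dev wlan0 lladdr a4:83:e7:aa:bb:cc STALE
192.168.1.40 dev wlan0 lladdr da:a1:19:00:12:34 DELAY
192.168.1.55 dev wlan0 lladdr 00:1d:0f:9a:9b:9c REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

# Constructed allow-list: MAC address -> the owner's label for the device.
KNOWN_DEVICES = {
    "3c:5a:b4:11:22:33": "printer",
    "a4:83:e7:aa:bb:cc": "laptop",
}

ENTRY = re.compile(r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]{17})\b")


def is_randomized(mac):
    """True if the locally-administered bit is set, as in per-network private MACs."""
    return bool(int(mac[:2], 16) & 0x02)


def find_unknown(neigh_text, known):
    """Return [(ip, mac, note)] for neighbours whose MAC is not on the allow-list."""
    allowed = {mac.lower() for mac in known}
    unknown = []
    for line in neigh_text.splitlines():
        m = ENTRY.match(line)
        if not m:  # FAILED/INCOMPLETE entries carry no MAC address
            continue
        mac = m["mac"].lower()
        if mac in allowed:
            continue
        note = ("randomized (locally administered) MAC" if is_randomized(mac)
                else "universally administered MAC")
        unknown.append((m["ip"], mac, note))
    return unknown


if __name__ == "__main__":
    for ip, mac, note in find_unknown(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(f"not on allow-list: {ip}  {mac}  ({note})")
```

Phones and laptops that use a randomized MAC per network show up as unknown until that address is added to the allow-list or the feature is turned off for the home network, which matters before enabling MAC filtering on the router.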
4. Update all devices on your home network
A recently disclosed vulnerability called KRACK (Key Reinstallation AttaCK) allowed interception of traffic between devices connected to an access point in a Wi-Fi network, again underlining the importance of updates.
To carry out an attack that exploits this vulnerability, the perpetrator must usually be near the intended victim’s Wi-Fi network. An attacker could then spy on communications or install malicious software. Once the manufacturer has published a security patch that addresses the vulnerability, we always recommend updating all devices (such as computers, smartphones or tablets) connected to your network; the firmware installed on the router should also be updated once patches are available. Other settings, such as putting computers in “public network” mode, raise the device’s security level compared with the “private / home” network mode, because this reduces the risk of attack from compromised devices. We want to emphasize that the most important thing is to keep computers and devices updated.
5. Enable security options
The fifth best practice is to enable the security options available in your router’s configuration, which vary with the model and type of device. Regardless of the router model used in your home network, we recommend enabling the security options designed to give more protection to your devices and network. For example, some recent routers include configuration options that provide enhanced protection against known Denial of Service (DoS) attacks such as SYN flooding, ICMP echo, ICMP redirection, Local Area Network Denial (LAND), Smurf and WinNuke. If enabling these options prevents the router and the network from functioning properly, selectively disable them to improve performance.
Information protection – an endless task
We have just touched on five practices that help to improve security. It is important to check the router’s settings and change them as needed to fully protect the router, the devices, and of course the data. Doing so will help close off many of the entry points used by today’s widespread cybersecurity threats.
News, views, and insight from the ESET security community
By Miguel Ángel Mendoza, posted 23 Jan 2018 – 01:58PM
Cybersecurity nowadays requires more (and better) protective measures than ever before. These measures range from adopting what are acknowledged as best practices, through helping end-users to stay well-informed about upcoming threats and how to avoid them, to implementing internet security technology and keeping it up to date.
In a dynamic environment where threats continually evolve and new vulnerabilities are identified almost daily, it is necessary to use the most up-to-date security tools, since they deal with protection measures for new and ever-shifting attack vectors. Whether we are speaking about the work, school or home environment, security must consider and protect all elements that could become gateways for possible attacks. In this article we will review some security aspects users should look at in a home network ―particularly those related to the configuration of its internet-connected router.
Recently, we published information at WeLiveSecurity.com about how to secure your home router to prevent IoT threats. Now we will review other important points for the administration and configuration of routers ―in particular, steps pertaining to ports and services. Routers allow administration and configuration using…