![\"\"](\"http:\/\/blog.zoha-islands.com\/wp-content\/uploads\/2021\/04\/unnamed-300x271.jpg\")
<\/p>\nThe old adage says \u201cDon\u2019t put all your eggs in one basket.\u201d Yet most of us do exactly that with all of our expensive \u201csmart\u201d home electronics, and the consequences can be as calamitous as the old proverb implies. The latest cyber attacks are targeting home internet routers. Here’s my advice on what you need to know to defend yourself against router attacks…<\/p>\n
I sometimes hear from people who claim they have no router. But unless you’re on a super-slow dialup connection, you do. Some say they have just a modem they rent from their Internet Service Provider (ISP). For the record, the \u201cmodem\u201d that Comcast and other ISPs talk about is the black box they overcharge you to rent.<\/p>\n
That box contains the router which controls traffic on your home network as well as the modem that handles communication with the Internet. So yes, this article is relevant to you, too.<\/p>\n
The “basket” I mentioned in the intro is your home\u2019s router, the device that acts as a gateway between the Internet and all the gadgets in your home that use it. When malware compromises your router, it\u2019s as if a fox pried open your basket of precious eggs. Everything on your home network is compromised, too.<\/p>\n
<\/p>\n
That is one reason to run anti-malware software on each computer attached to your home network even though the router may have a firewall or other security features designed to keep intruders and malware out. If the router\u2019s protection fails, individual devices may save themselves. The performance hit imposed by such redundancy is negligible compared to the potential risk to computers that harbor irreplaceable data. An even greater reason not to rely on your router\u2019s security is that it is almost non-existent, in most cases.<\/p>\n
The firmware of most consumer-grade routers is poorly written to begin with, is often left unpatched when vulnerabilities are discovered, and almost certainly will not be supported longer than two years after your particular router make\/model was released. (How long have you had your router? How old was it when you got it?)<\/p>\n
This disgraceful state of affairs is especially true for cheap, no-name routers. Brands that I consider trustworthy include TP-Link, Netgear, Linksys, ASUS, and D-Link. If you see a router advertised on Amazon, but it\u2019s a brand you\u2019ve never heard of, and yet somehow they\u2019ve got thousands of glowing reviews, put down the mouse and back away slowly.<\/p>\n
Consumer-grade routers are commodities differentiated only by price in the minds of most buyers, who do not grasp the technical mysteries of these boxes that \u201cjust sit there blinking.\u201d Consequently, manufacturers shave their costs in every possible way. Software quality and support are sacrificed heavily.<\/p>\n
![\"\"](\"http:\/\/blog.zoha-islands.com\/wp-content\/uploads\/2021\/04\/Weak-Security-Message-Wi-Fi--300x109.jpg\")
<\/p>\n
You may have noticed that your router does not automatically update its software; that updates are never trumpeted via the trade press; that it is devilishly difficult to find current router software on manufacturers\u2019 sites, and tricky to install it correctly if you do find the right update. Even basic documentation of the software that ships with a router is often terribly slim and reads as if was run twice through Google Translate. These are all signs that a router maker has skimped on security software and support.<\/p>\n
Another sign of weak security is that the only advice you get for improving security is, \u201cChange the default admin password.\u201d That is the first thing you should do with a new router; if it is the last thing you can do, the router still may have no meaningful security.<\/p>\n
\u201cDisable remote administration\u201d is another router security recommendation that should be implemented but does not hacker-proof your router. Remote administration allows you, your ISP, and possibly some hacker in Romania the ability to login to the router via the Internet. Hackers have known about \u201ccross-site request forgery (CSRF) \u201d tricks that get around this safeguard for many years, but some cheap routers still don\u2019t close this hole.<\/p>\n
Your ISP may not even allow you to disable remote router administration. After all, it makes their job a lot easier if they have to reconfigure your router. This is a case of \u201cbetter to ask forgiveness than permission.\u201d Disable remote administration if you can; address any objections from your ISP only if necessary.<\/p>\n
You have the legal right to use your own equipment on your side of the ISP\u2019s box as long as it doesn\u2019t interfere with anyone else\u2019s service, according to the FCC and well-settled case law.<\/p>\n
Protecting the IP addresses of the DNS servers that your router uses to look up Internet sites is another security essential that cheap routers neglect. These DNS server IP addresses are stored in the router\u2019s memory. A badly secured router leaves it vulnerable to \u201cDNS hijacking\u201d in which requests for domain name lookups are misdirected to an attacker\u2019s bogus DNS server, and what you see in your browser\u2019s address bar may not be the site that you think it is.<\/p>\n
If your home network\u2019s security is worth $100 to $150 amortized over five years, then you should be willing to buy a better router, too. If you are paying for malware protection of individual devices on your home network, a competent router makes that investment more worthwhile; otherwise, you are sacrificing the redundancy that makes security as good as it can be. Check out the Asus RT-AC5300 router, Netgear\u2019s Nighthawk AC1900 family, and models in the Linksys \u201cSmart Wi-Fi\u201d family of routers.<\/p>\n
That said, here are some things you can do to configure better security on any router. I cannot provide detailed instructions for your specific router; but in most cases you’ll start by connecting to your router via this address: http:\/\/192.168.1.1 and providing the admin username and password. If you need help logging into your router, or changing the settings once logged in, contact your ISP or look for instructions online.<\/p>\n
Your first task is to change the administrator\u2019s password<\/b>; this one cannot be repeated often enough. Many routers ship with a default password, or no password at all, leaving them wide open to attack.<\/p>\n
Disable remote administration<\/b>: discussed above. The router should be accessible only via a physical Ethernet cable, or from a specific, fixed IP address of a device designated for the administration of the router (such as the owner\u2019s PC or phone).,<\/p>\n
Change the router\u2019s IP address<\/b>. Hackers typically look for vulnerable routers at a factory-default IP address like 192.168.1.1; if that fails, the attack fails in all but the most sophisticated campaigns. But there is no reason a router can\u2019t have another IP address, and your router\u2019s administration interface should allow you to make such a change.<\/p>\n
For example, you could choose 192.168.0.100 as your router\u2019s IP address. Log in to the router\u2019s administrative interface in the usual way, via the default IP address. Navigate to the page that enables changes to the router\u2019s IP address and make your change. Save changes and reboot the router. Henceforth, enter the router\u2019s new IP address in your browser\u2019s address bar to access the router\u2019s admin interface.<\/p>\n
Keep router firmware up to date<\/b>. Automatic updating of router firmware should be as standard as automatic Windows Update on all routers; don\u2019t buy a new router without it. Newer models from Linksys and Netgear include automatic firmware updates as an option.<\/p>\n
Changing the router\u2019s default password is the first, easy step towards router security you can count on. If you also perform any one of these reinforcements to your router\u2019s security, you will have thwarted a significant portion of other potential attacks. Implement all of these suggestions if you can.<\/p>\n
Have a great week from all of us at Zoha Islands And Fruit Islands<\/p>\n","protected":false},"excerpt":{"rendered":"
The old adage says \u201cDon\u2019t put all your eggs in one basket.\u201d Yet most of us do exactly that with all of our expensive \u201csmart\u201d home electronics, and the consequences can be as calamitous as the old proverb implies. The latest cyber attacks are targeting home internet routers. Here’s my advice on what you need … Continue reading