In the last decade or so, the concept of a small home or office network has changed with the arrival and prevalence of Wi-Fi routers. We get an internet connection from an ISP that we connect with a router to make the connection available in a certain radius (our home or office) wirelessly. These days, a regular wireless home network looks like this:
- Router or Wireless router – Connects the network to the internet.
- Wireless Access Point – Used to connect Wi-Fi-equipped devices to the network.
- Ethernet HUB or Switch -Used to connect Ethernet equipped devices.
- Cable cat 5, cat5e, or cat 6 with RJ45 connectors.
- Telephone Cable with RJ 10 connectors.
- Broadband Filters.
As you can see, routers have now assumed the central role in a small, local network along with the existing ISP connections. All the devices on the network are routed to their destination through the router. This decisive role of the router also highlights its importance in terms of cyber security.
Mounting Cyber Attacks on Home Routers and Careless User Behaviour
The individual security of all the connected devices depends on how safe and secure the router is. Unfortunately, users don’t pay much heed to router security despite a noticeable spike in the related cyber attacks. A security firm reported an over 500% increase in attacks on routers in 2018 compared to the previous year. From then on, this number is only gradually increasing.
No Firmware Update
A renowned broadband company has published a survey report indicating that 86% of users never update their routers’ firmware.
Persisting with Default Settings
Many users don’t bother to change the default settings of their routers. Since default settings are shared by a number of users, cybercriminals learn how to circumvent them. Therefore, routers still working with default settings are more vulnerable to cyber attacks.
One should keep in mind that a security-compromised router leaves all the connected devices and sensitive data transmission vulnerable to the shenanigans of cybercriminals. The good news is strengthening the security protocol of an internet router is not an uphill task. Any user can take a set of measures to improve their router security.
In this article, we will discuss the general steps you should take to fortify your wireless network’s security. We will also touch upon DNS hijacking and how it is connected to router security.
Things to Do to Improve Router Security
We are going to divide these measures into two categories: basic, update & setting changes.
Rename Your Default Home Network
Let’s start with the most basic thing you can do to improve the security of your router network, i.e., change its default name. Most Wi-Fi routers have their Service Set Identifier (SSID) set as their default names.
For a crafty cybercriminal, SSID alone gives enough information to find out the vulnerabilities of your router. With the help of SSID, they can find the manufacturer name and exact model of your router. This suggests that if they have infiltrated in the same router model in the past, they will attempt to compromise your network as well.
It is always better to give you network a generic name that doesn’t include any personal or device information. Also, refrain from giving a provocative name to your router like “unhackable,” “dare to hack.” Criminals can take this inconsequential provocation as a challenge.
Set a Unique and Strong Password
Every router device comes with the default username and password credentials. Different manufacturers use different sets of alphanumeric combinations as their standard usernames and passwords for all devices. At the time of router installation, you should change those generic credentials because they are too easy to guess.
Even if they are not easy to guess, attackers can get their hands on that widely available information easily through previous attacks and internet forums. A good practice is to set a router password as strong as you would set for your online bank account or a social media profile.
Set a string of more than 10 characters and have a mix of alphabets, numbers, and characters so that ambitious attacker can’t even brute-force their way into your router.
Turn off the Wi-Fi When Out
Turn off the router when heading out. It is another basic security measure that you can take. Not only will it protect your router and network from the hacking attempts of folks who know that you are not home, but it will also minimise the unnecessary operating hours of the device. Also, using one less electronic device means less carbon footprint.
Set the Router in the Centre of the House
Many people don’t think about the location of the router from a security standpoint. By setting up the router in the centre of the house, you can ensure equal signal strength in all the rooms. Secondly, when the router is set in the centre, its signals won’t go too far outside the house, which means less accessibility to strangers.
Update & Setting Changes
Increase and Upgrade Wi-Fi Network Encryptions
Routers that bear the trademark of Wi-Fi come with a built-in security protocol (password protection). These security protocols ensure that no unauthorised user can break into the router and use your internet data. These security protocols have changed and upgraded over the years because cybercriminals find out a way to circumvent them.
The first version of this network security was Wired Equivalent Privacy (WEP). However, it was soon cracked by hackers who also made the cracking tools and uploaded them on the internet for everyone to use.
WEP was first upgraded to Wi-Fi Protected Access (WPA) and then to WPA-2. Now, the Wi-Fi Alliance (an NPO that promotes Wi-Fi technology and certify Wi-Fi products) has made it mandatory for all the routers with Wi-Fi labels to use WPA-2 protocol as a default security option.
WPA-2 uses the AES encryption module to secure your wireless connection. If you have bought the router in the last couple of years, there are strong chances that it will already be laced with WPA-2.
In case you have been using the same router for more than a decade, it may not have WPA-2 is the default security protocol. You can check and upgrade your router for its WEP/WPA protocols by exploring its setting. We are sharing a general set of steps that applies for more or less every router make.
- Sign in to your router’s administrator portal by accessing its IP address in the web browser.
- Go to Settings/Security Settings/Wireless security in the side/top/bottom menu.
- Locate the “Encryption” or “Security Protocol” there and change it to WPA2-PSK.
If you don’t see this option, you may need to update your router’s firmware or change the device altogether.
Turn off the DHCP
If you don’t have WPA2 password protection on your router device and you are not replacing it soon, then disable its Dynamic Host Configuration Protocol (DHCP) to make sure that no unauthorised user can use it. DHCP is a protocol that allows routers to assign each of the connected devices an IP automatically.
When you have to use an open Wi-Fi network due to outdated network security (e.g., WEP protocol), any device connecting to the router will be assigned an IP when the DHCP protocol is enabled on it. By disabling this protocol, you can ensure that the network doesn’t assign a dynamic IP to any connected device.
When DHCP is disabled, you need to put a static IP in any device to connect it to the router. Your ISP or any network and security expert can devise a set of static IP addresses that you need to use on a DHCP-disabled router.
Keep Router’s Firmware Updated
In this day and age, when we are using a host of applications across various devices, we know that software updates don’t just improve the UI but also fix the bugs and security loopholes identified since the development of the given app or device. A device router also required a software update in the same manner to maintain its security. As mentioned earlier, more than half of the router users never update the firmware of their devices.
The major reason why most routers don’t get their firmware updated is the absence of an auto-update feature. A user has to get into the hassle of manually download the update patch and install it on the device. No one likes to get into that nuisance when their routers are working perfectly fine (at least for the time being).
Manufacturers don’t make it easy for users either. More often than not, you can’t find the required firmware update with a single Google search. If you have hit a roadblock and don’t know how to update your router’s firmware, contact the customer support of the router manufacturer. If you don’t want to get into that hassle either, ask your network security expert to take care of this.
Enable Hardware Firewall of the Router
You must be acquainted with the term “firewall” as a form of software security and the first line of defence in almost all operating systems. It is interesting to mention here that the security firewall doesn’t just come in a virtual, software version. When it comes to router security, you can use a hardware firewall as well.
The good news is most of the router devices have built-in hardware firewalls. However, you can still add another layer of security by setting up a standalone hardware firewall between the router and your devices. Some state-of-the-art firewalls are so multifaceted that they even let you monitor the activity on your internal network and also notify about potential cyber threats.
A standalone hardware firewall is suitable for SOHO (Small Office, Home Office) networks. Otherwise, just make sure that the built-in firewall of your router is enabled.
- Go to your router’s configuration page (after accessing its IP address in the URL bar)
- Locate a menu selection that reads Firewall, SPI Firewall, or a similar term
- Click on this selection and enable it if it is not already
- Apply and save the setting
- Disable Remote Access
You also need to disable the remote access of your router device. Many homeowners are not aware of this setting in their Wi-Fi, where even an unconnected device can also access the router and its privacy settings. Go the configuration, locate the label Remote Access or something similar, and disable it.
DNS Hijacking and Router Security
While talking about router security, there is no way to ignore DNS hijacking; however, before we discuss DNS hijacking and its connection with the router, it is important to know the function of DNS.
Domain Name System (DNS) is a protocol used by any internet connection to match a human-readable URL of a website against its machine-readable IP address. When you put a website (e.g.,www.abcdefg.com) in the browser, your DNS server will look for its legitimate IP address (e.g., 125.069.1.5), match it, and then pull that page on your internet connection which will be displayed in your browser.
In DNS hijacking, criminals take over your DNS. This means they are now in control of returning any website’s URL (Uniform Source Locator) with the version of theirs. So, if for example, you enter your bank website on an internet connection with a hijacked DNS, attackers (many of who are also experienced webmasters) will redirect you to a spoofed page to steal your banking credentials.
There are multiple ways to hijack DNS, and a router can also be used for that. When hackers get their hands on the login credentials of a router, they can easily overwrite their DNS settings without leaving any hint. This is the reason why you must change the default username and password of your router settings as soon as you unpack the device and set it up.
Attackers can also hijack your DNS server through the malware/Trojan infiltration. When this happens, a malicious code enters the network setting on your computing device and exploits its TCP/IP settings to change the route of your internet traffic and put it through the DNS controlled by the attackers. People who don’t use expert-recommended antivirus programs often fall victim to this type of DNS hijacking.
If you follow all the measures that we have discussed here, you can significantly improve the security of your home network. The last section also highlights that not using good anti-malware software can render all your router security measures useless. This means that you need to strive for holistic network security that covers all hardware and software fronts.
Cyber Engineers can help you in optimising your network and router security. We can create an entire cyber security plan for your network and system as well as train your employees in various capacities within cyber security.