Learning While Aging

Protect your router from being hacked

asus_a-100025570-orig

In the fast few days, you may have heard from some news source that some nice hacker(s) targeted unprotected routers with good intention. After hacking the router to gain access to user’s network, the hacker(s) installed some protective software that will look for spyware and remove it once found. The software can also install important updates on user’s computer and even force the user to update their computer so their computer will be up to date and secure. The intention might be good, but I personally would never want anyone but me to touch my computer and I don’t need any vigilante to keep my computer secure without my consent.

For any home network, the router is like the front door to the network, therefore, it is very important to keep your router secure. As a matter of fact, it is not hard at all to keep it secure and below are some advice from my experience:

  1. Every router comes with a default administrator account with default username and password, and most likely the username is “admin” and the password is “password”. Obviously the default password is not secure, so the first thing you need to do when setting up your network is to change the default password to a strong and secure password. I personal think this is the most important step in protecting your network from being hacked.
  2. When you setup your wireless network, make sure to create a strong network security key. DO NOT use your router password as your security key!
  3. If your router supports a feature called WPS (WiFi Protected Setup), then disable it during the router setup. The WPS is designed to allow a computer to easily connect to a wireless network without knowing the network security key. Usually when a user is trying to connect to a wireless network, they will be prompted for entering the correct security key; however, when a user is trying to connect to a wireless network with a WPS-enabled router, they will be prompted for entering the WPS PIN, which is a 8-digit PIN printed on the router. Since the last digit is for checksum, so there are only 10^7 combinations of the rest 7 digits. Also when router tries to validate the PIN user entered, it does not use the whole 8 digits, instead it separates the first 4 digits from the last 4 digits for validation. Due to this design flaw, a hacker can use a brute-force tool to figure out the PIN in about one day. So far the only fix for this flaw is to disable the WPS feature on your router. If your router does not allow you to disable WPS, then try to upgrade the firmware of your router first, if it still does not allow you to disable, then buy a new router.
  4. If your router supports guest network like mine does, then make sure you create a guest network for your visitors to use. Guest network only allows users to access the Internet, but does not give them access to your home network, so your documents, pictures, and other personal stuff will not be shared with them. My router also allows me to configure how long I want my guest network to be enabled, then after the specified period of time, the guest network will be disabled automatically.
  5. After you setup your wireless network, then hide your SSID, which means do not let router broadcast the SSID of your network. All the computers who are already connected to your network will still be able to connect to your network automatically, but any new computer will need to be manually added to your network. This seems to be troublesome when connecting a computer to your network, but the security benefit makes it worthwhile. Because after you disable SSID broadcast, your network name will not show up in anyone’s available wireless network list. Less exposure means more secure network.
  6. Regularly check for new firmware of your router to keep your router up-to-date.

These tips should keep your router and network pretty secure. If you think I missed anything, please let me know.