How is the routers used in home network?
Our home router has become an internal part of global communication footmark when the use of the Internet has developed to contain home-based telework, entertainment, personal financial management, social network, school work, and businesses. Router facilitates the broadened connection. Almost all these devices are pre-configured in the company that those made and are plug and play for immediate use. After installing a router at home, people frequently connect directly to the world wide web without conducting any additional configuration. People might be reluctant to enhance safeguard configurations because those configurations may seem bit difficult or people are unwilling to spend more time with these advanced configuration settings.
Wired or Wireless?
Wired LANs: Interconnect two or more routers via ethernet (RJ 45) cables. These LANs usually get use centralized devices like switches, routers, and hubs (not using these days) when it needs connection among a huge number of PCs. Wireless LANs: Interconnect two or more routers through the air. The infrastructure shall be either AD-hoc mode or infrastructure mode. Both wireless and wired are having their own disadvantages and advantages. Wireless LANs is the current trend due to few reasons:
- Mobility support
- Wireless is the future trend
- Ease of installation
Why wireless LANs are more vulnerable than wired LANs?
Theoretically, WLANs are less safe than the wired local area networks. Due to wireless communication use free space as its message medium. Therefore, any PC within the coverage and with a related hardware could catch the signal from the space and access the network unless the user takes relevant defensive activities. If a suspicious user can connect to the home network, other than theft user’s private data stored in PC and consuming high internet bandwidth, an attacker may also use the home network to attempt an illegal thing, generate Distributed Denial of Service and send spams.
Why secure the home router?
These routers are straightly accessible from the world wide web, are seemingly discoverable, are frequently powered-on, and are usually vulnerable due to their default configuration settings. Those properties offer an attacker the best target to get a user’s business or personal data. The wireless characteristics incorporated into different devices add another vulnerable target.
The BCC (Budapest Cybercrime Convention) is the only available worldwide agreement that addresses computer crime, national laws, improve criminal fairness cooperation among nationwide states and accepts improved analytical techniques based on international values to effectively combat the risk from cybercrime.
How to prevent unauthorized access to the home network?
The preventive ladders are listed below in designed to upsurge the security of home routers and decrease the vulnerability of the inside network against attacks from outside sources.
- Change the default password and username: These default passwords and usernames are willingly available in many publications are well recognized by outside attackers. Therefore, users should be instantly changed throughout the preliminary router installation. It is better to use a very solid password, consisting of special characters, letters and numbers summing at least 15 characters. Manufactures of the router set default password and username for those devices in the manufacturing company for their troubleshooting purposes. Additionally, no need to change the password every 40 to 80 days. Selecting and keeping passwords for additional information on creating a solid router password.
- Change the default SSID (Service Set Identifier): This is a unique naming structure that identifies a wireless LAN. Every wireless device on a wireless LAN should use the identical SSID to interconnect with each other. The manufacturing company creates a default SSID at the manufacturing time and this SSID usually identified the actual device or manufacturer. An attacker may use the default SSID to recognize the exploit and the device any of their known vulnerabilities. People set the SSID to phrase that reveals their location, company or name. This information creates it easy for the malicious people to identify the special home network or business based upon an SSID that clearly shows the company’s location, name or an own name. For an instance, the SSID that broadcasts an organization name is an attractive target then the SSID distributing “123ABC”. Using well-known or default SSIDs makes brute force attacks against Wi-Fi Protected Access 2 (WPA2) keys very easier. When selecting an SSID to make it exclusive and not tied to our business or personal identity.
- Do not stay logged in to the management website from the home router: Home routers frequently deliver websites for users to manage and config. Do not keep logged to the cooperate website, as a defense against CSRF (Cross-Site Request Forgery) attacks. A CSRF attack will transmit illegal commands from an attacker to the home router’s management network.
- Configuring Wi-Fi PA2 AES (Advanced Encryption Standard) for data privacy: Many routers still using WEP (Wired Equivalent Privacy), which does not recommend. If the home router or other devices support only WEP, no other encryption standards user must upgrade the home network devices. The newer standard is WPA2-AES, it encrypts the communication channel between in the wireless computing devices and wireless router. It provides stronger authorization and authentication between the networking devices. Wi-Fi Protected Access 2 incorporates the AES 128-bit encryption which is encouraged by the NIST (National Institute of Standards and Technology). Wi-Fi Protected Access 2 with Advances Encryption Standard is the best secure home router settings for private use.
- Immediately disable Wi-Fi Protected Setup: It provides easier mechanism to configure mediumly secure home wireless networks. A design weakness which exists in the Wi-Fi Protected Setup specification for the password authentication pointedly reduces the time taken to brute force the entire password. Because it allows malicious people to know when the first half of the 8-character password is corrected. The lack of appropriate lockdown policy after a huge number of failed attempts to guess the password on different wireless home routers creates a brute-force attack much likely to happen.
- Limit Wireless Local Area Network signal emissions: Wireless signals frequently broadcast among the perimeters of user’s organization or home. This may extend emission permits eavesdropping by attackers outside of user’s network perimeter. It is significant to consider transmission power level, antenna placement, and antenna type. LANs are inherently much secure than wireless LANs because those are protected by the physical assembly in which these devices reside. Change the broadcast coverage surface when protecting home wireless LAN. A centrally positioned, an omnidirectional antenna is the best common type used. If it is possible, use a turning antenna to limit wireless LAN coverage to only the surface needed. Testing with signal strength and broadcast levels will also permit the user to best control wireless LAN coverage. The sensitive antenna might pick up signals from extra away than people expected, an interested malicious people might still be able to spread an access point which has partial coverage.
- Turn the home network off when not in use: Sometimes it might be impractical to turn off devices and on usually, considering this method during extended or travel offline stages. For wireless safety measures, shutting down the network will prevent outdoor malicious people from being able to exploit the vulnerability of home wireless LAN.
- Disable Universal Plug and Play when not needed: This is a handy feature permitting networking devices to seamlessly establish and discover the communication with different people on the same network. Even though the Universal Plug and Play feature help preliminary network configuration, it is a safety threat. For instance, malicious software inside the home network can use Universal Plug and Play to exploit a hole in home router firewall to permit attackers to get in. Thus, disabling Universal Plug and Play unless people have an exact need for it.
- Upgrade firmware: Same as application on our PCs, the home router firmware (software inside functioning) should have recent patches and updates. Most of the patches address safety vulnerabilities that can affect the home network. Consider a home router, check the manufacturing cooperate website to obtain if the website delivers patches to address the safety flaws.
- Disable remote management: Disable this option to keep malicious people from creating a connection with the home router and its settings through the WAN interface.
- Alert for unknown device connections: Use home router's management site to regulate if any unauthorized device has attempted to join or joined to the home network. If a suspicious device is identified, a Media Access Control or firewall filtering rule could be applied on the home router.