How are the routers used in the home network?
Our home router has become an internal part of the global communication footmark when the use of the Internet has developed to contain home-based telework, entertainment, personal financial management, social networks, school work, and businesses. The router facilitates the broadened connection. Almost all these devices are pre-configured by the company that made them and are plug-and-play for immediate use. After installing a router at home, people frequently connect directly to the World Wide Web without conducting any additional configuration. People might be reluctant to enhance safeguard configurations because those configurations may seem a bit difficult or people are unwilling to spend more time with these advanced configuration settings.
Wired or Wireless?
Wired LANs: Interconnect two or more routers via ethernet (RJ 45) cables. These LANs usually use centralized devices like switches, routers, and hubs (not used these days) when they need connection among a huge number of PCs. Wireless LANs: Interconnect two or more routers through the Wi-Fi. The infrastructure shall be either AD-hoc mode or infrastructure mode. Both wireless and wired have their own disadvantages and advantages. Wireless LANs are the current trend due to a few reasons:
- Mobility support
- Wireless is the future trend
- Ease of installation
Why wireless LANs are more vulnerable than wired LANs?
Theoretically, WLANs are less safe than the wired local area networks. Wireless communication uses free space as its message medium. Therefore, any PC within the coverage and with related hardware could catch the signal from the space and access the network unless the user takes relevant defensive activities. If a suspicious user can connect to the home network, the user’s private data stored on PCs and NAS drives can be stolen and an attacker may also use the home network to conduct illegal activities such as participating in Distributed Denial of Service (DDoS) attacks, and send spam emails.
Why secure the home router?
Home routers are directly accessible from the Internet and are usually vulnerable due to their default configuration settings. Those properties offer an attacker the best target to get access to the network. The wireless characteristics incorporated into the devices add another vulnerable target.
The BCC (Budapest Cybercrime Convention) is the only available worldwide agreement that addresses computer crime, and national laws, improves criminal fairness cooperation among national states, and accepts improved analytical techniques based on international values to effectively combat the risk from cybercrime.
How to prevent unauthorized access to the home network?
The preventive ladders are listed below to upsurge the security of home routers and decrease the vulnerability of the inside network against attacks from outside sources.
- Change the default username and password: These default username and password are willingly available on the Internet as well as recognized by outside attackers. Therefore, users should instantly change the default password with a strong password, consisting of special characters, letters, and numbers summing at least 10 characters. Manufacturers assign a default username and password for consumers to log in initially and make configuration changes.
- Change the default SSID (Service Set Identifier): This is a unique naming structure that identifies a wireless LAN. Every wireless device on a wireless LAN should use an identical SSID to interconnect with each other. The manufacturer creates a default SSID at the manufacturing time and this SSID usually identifies the actual device of the manufacturer. An attacker may use the default SSID to recognize the exploit and discover any known vulnerabilities. People set the SSID to a phrase that reveals their location, company, or name. This information creates it easy for malicious people to identify the special home network or business based upon an SSID that clearly shows the company’s location, name, or owner's name. For instance, the SSID that broadcasts an organization's name is an attractive target than the SSID distributing “123ABC”. Using well-known or default SSIDs makes brute force attacks against Wi-Fi Protected Access 2 (WPA2) keys very easier. When selecting an SSID, make it exclusive and not tied to the business or personal identity.
- Do not stay logged in to the management website from the home router: Home routers frequently deliver websites for users to manage and configure. Do not keep logged to the cooperate website, as a defense against CSRF (Cross-Site Request Forgery) attacks. A CSRF attack will transmit illegal commands from an attacker to the home router’s management network.
- Configuring Wi-Fi encryption to PA2 AES (Advanced Encryption Standard): Many routers from the old days use a weak WEP (Wired Equivalent Privacy) encryption. The newer encryption standard is WPA2-AES, which encrypts the communication channel between the wireless computing devices and the wireless router. It provides stronger encryption between the networking devices. Wi-Fi Protected with AES 128-bit or 256-bit encryption is encouraged by the NIST (National Institute of Standards and Technology), and it provides the best wireless security.
- Disable Wi-Fi Protected Setup (WPS): A major security flaw was discovered in the WPS routers, and it is no longer a good security setup to use. A design flaw that exists in the WPS specification for password authentication pointedly reduces the time taken to brute force the entire password. Because it allows malicious people to know when the first half of the 8-character password is corrected. The lack of an appropriate lockdown policy after a huge number of failed attempts to guess the password on different wireless home routers makes a brute-force attack much more likely to happen.
- Limit Wireless Local Area Network signal emissions: Wireless signals are frequently broadcast among the perimeters of the user’s home. This may extend emission permits eavesdropping by attackers outside of the user’s network perimeter. It is significant to consider transmission power level, antenna placement, and antenna type. LANs are inherently much more secure than wireless LANs because they are protected by the physical assembly in which these devices reside. Change the broadcast coverage surface when protecting the home wireless LAN. A centrally positioned, omnidirectional antenna is the most common type used. If it is possible, use a turning antenna to limit wireless LAN coverage to only the surface needed. Testing with signal strength and broadcast levels will also permit the user to best control wireless LAN coverage. The sensitive antenna might pick up signals from far away than people expected, and interested malicious people might still be able to spread an access point that has partial coverage.
- Disable Universal Plug and Play when not needed: This is a handy feature permitting networking devices to seamlessly establish and discover communication with different people on the same network. Even though the Universal Plug and Play feature helps preliminary network configuration, it is a safety threat. For instance, malicious software inside the home network can use Universal Plug and Play to exploit a hole in the home router firewall to permit attackers to get in.
- Upgrade firmware: Same as the application on our PCs, the home router firmware (software inside functioning) should have recent patches and updates. Most of the patches address safety vulnerabilities that can affect the device. Consider updating router firmware as often as possible.
- Disable remote management: Disable this option to keep malicious people from creating a connection with the home router and its settings through the WAN interface.
- Alert for unknown device connections: Use the home router's management site to regulate if any unauthorized device has attempted to join or joined the home network. If a suspicious device is identified, a Media Access Control or firewall filtering rule could be applied to the home router.
Share this post
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.