Protect wireless routers from invisible threats

Source: Internet
Author: User

This article describes in detail how to protect a wireless router and how to perform specific operations. I believe this article will help you.

A router is the most important network interconnection device between a LAN and the Internet; it can be said that there is no Internet without routers. The rapid development of the Internet has quietly led to the rise of small wireless local area networks, and users can work and shop online and enjoy the convenience and pleasure the Internet brings. However, while we enjoy these advantages, malicious users, including hackers, use various means to steal sensitive information such as bank accounts and passwords. Researchers from the Computer Science Department at the Indian University recently published a survey report that summarizes how hackers access and tamper with home network router configurations, and describes how hackers use JavaScript embedded in a web page to log on to a router's superuser account and modify its DNS configuration.

Once a router connects to a hacker-controlled DNS server, it can be used as a stepping stone for various malicious purposes, from malware infection to user identity theft through "phishing". The University of India reports that this attack does not take advantage of any browser vulnerability and, more importantly, that it seems to work on almost any router, regardless of brand or model.

More interestingly, this type of attack only succeeds when the administrator password of the target router is still the default set by the manufacturer. In other words, as long as the user simply changes the default password, the user is protected, because the attack relies on the default passwords provided by well-known device manufacturers.

In fact, many routers still use this default password. Many automatic router configuration wizards do not prompt you to modify the default administrator password, and most router manufacturers place the setting in a menu that goes unnoticed. This makes it easy for you to manage and change the default password.

This specific attack shows that even a seemingly minor local setting can have a profound impact on security. It is therefore worth reviewing some specific measures so that we can be confident that the wired or wireless router, and by extension our network, is as secure as possible.

Modify the administrator password of a router

As mentioned above, if your router password is "password", "admin", "1234", or any other default password, you are simply asking for trouble. Modify it now!

Modify the default SSID

Just as many users neglect to change the router password, many users also keep the default wireless network SSID. The SSID/ESSID (Service Set Identifier) is the "Service Group Identifier" used to distinguish different networks; a maximum of 32 characters is allowed. A wireless network adapter can access different networks by using different SSID settings. The SSID is usually broadcast by the access point. However, the default SSID almost always specifies or hints at the name of the device manufacturer, from which other information can be inferred. Do not use the default SSID; create your own, but avoid using personal details such as your home address, birthday, or name.

Disable SSID Broadcast

Broadcasting the SSID makes it easy to connect new wireless devices to your network. However, it is definitely not a good idea to announce your network to any "passers-by" within wireless range. Disabling this feature will not completely hide your presence, especially from those who use special software and are determined to break in. However, the less people know about you, the better. In fact, as long as you know your SSID, you will not have any trouble setting up a new device.

Do not use WEP when you can use WPA

In recent years, although WEP's vulnerability has been widely documented, many companies are still using it, and it is still the default encryption method on some devices. In fact, there are still some wireless products (mostly non-PC devices, such as streaming media devices) that do not yet support WPA but only WEP.

Remember: the most basic requirement is to use WPA to encrypt your wireless network, and to avoid buying or using devices that force you to fall back to WEP to accommodate them. Using WPA not only greatly improves security, it is also much easier to set up, because you do not need to choose between ASCII and HEX as you do with WEP, and the encryption key does not need to comply with specific length rules. (WEP data encryption can be configured as 64-bit or 128-bit, and a 128-bit WEP key must be limited to 13 or 26 characters.)

Reduce the power of wireless devices

If your router supports this function, lower the power setting of your wireless device and try your best to keep the signal within your office or home. The adjustment involves some trial and error, so try several times. Although it may be a bit difficult to precisely control the signal transmission range, you can minimize the signal that leaks out to the street or to neighbors. As a result, your WLAN may be more secure. Why not?

Disable or reduce DHCP use

DHCP's automatic IP address allocation is extremely convenient, especially when you have multiple systems to manage. But remember that DHCP will "happily" hand an available IP address to any system that asks for one. If you only have a limited number of devices, disable DHCP and assign a static IP address to each device, which makes it more difficult for unauthorized users to obtain a valid IP address on your network.

Another method is to enable DHCP but reduce the size of the address pool. Most routers have a large address pool (generally more than 250 available addresses). The total number of these IP addresses far exceeds the number required by the wireless network, which leaves a lot of address space for unauthorized users. You should limit the number of available DHCP addresses to the number of devices you own, so that your devices can obtain IP addresses while network intruders cannot.

Enable MAC Filtering

Although MAC address filtering should not be used to replace wireless network encryption, it can be a useful supplement to encryption. Most routers support this feature, which restricts network access to devices with the specified MAC addresses. Configuring MAC address filtering is sometimes tedious, but fortunately many routers allow you to easily add already-connected devices to the filtering list. This saves a lot of time and effort, because you do not have to manually retrieve the MAC address of each device.

Confirm that the DMZ has been disabled

A DMZ is an "isolation zone": a computer or subnet located between a trusted internal network (such as a private or dedicated LAN) and an untrusted external network (such as the public Internet). It exists to solve the problem that the external network cannot access internal network servers after a firewall is installed, and acts as a buffer between a non-secure system and a secure system. The DMZ feature of a router is usually disabled by default. However, you may forget to turn it off again after enabling it to troubleshoot a fault. Because the DMZ represents an IP address that is open to the Internet, any system that is inadvertently placed there will be completely exposed to risk.

Disable PING response

This setting allows the router to respond to ping commands from the Internet. By default, the ping response is disabled, but you should confirm this, because a ping response leaks some status information about your network to potential hackers, which in turn allows them to explore your network further.

Avoid Remote Management

Most routers have this feature, which allows users to access the system and perform management from outside the network. In most cases this feature serves no purpose, so you should disable it unless you really need it. However, if you really want to use remote access, change the default port number (which is usually 8080 or 8888) to a smaller value.
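The settings covered in the sections above can be checked together. The following is an added example, not part of the original article: it audits a router's settings against this checklist, and the dictionary key names, the vendor-name list and both sample configurations are assumptions constructed for illustration.

```python
import ipaddress

DEFAULT_PASSWORDS = {"password", "admin", "1234"}   # defaults named in the article
VENDOR_HINTS = ("linksys", "netgear", "dlink", "default")  # illustrative, extend as needed

def dhcp_pool_size(start, end):
    """Number of addresses in an inclusive DHCP range."""
    return int(ipaddress.IPv4Address(end)) - int(ipaddress.IPv4Address(start)) + 1

def audit_router(cfg, device_count):
    """Return findings for a settings dict; the key names are assumptions."""
    findings = []
    if cfg["admin_password"].lower() in DEFAULT_PASSWORDS:
        findings.append("admin password is a known default")
    if any(v in cfg["ssid"].lower() for v in VENDOR_HINTS):
        findings.append("SSID reveals the manufacturer")
    if cfg["ssid_broadcast"]:
        findings.append("SSID broadcast is enabled")
    if cfg["encryption"].upper() in ("NONE", "WEP"):
        findings.append("encryption is %s, switch to WPA" % cfg["encryption"])
    if cfg["dhcp_enabled"]:
        pool = dhcp_pool_size(cfg["dhcp_start"], cfg["dhcp_end"])
        if pool > device_count:
            findings.append("DHCP pool offers %d addresses for %d devices" % (pool, device_count))
    if not cfg["mac_filter"]:
        findings.append("MAC filtering is off")
    if cfg["dmz_host"]:
        findings.append("DMZ exposes %s to the Internet" % cfg["dmz_host"])
    if cfg["wan_ping"]:
        findings.append("router answers ping from the Internet")
    if cfg["remote_mgmt"]:
        default = cfg["remote_port"] in (8080, 8888)
        findings.append("remote management on port %d%s"
                        % (cfg["remote_port"], " (default port)" if default else ""))
    return findings

# Constructed samples: one router near factory settings, one after hardening.
FACTORY = dict(admin_password="admin", ssid="linksys", ssid_broadcast=True,
               encryption="WEP", dhcp_enabled=True, dhcp_start="192.168.1.2",
               dhcp_end="192.168.1.254", mac_filter=False, dmz_host="192.168.1.50",
               wan_ping=True, remote_mgmt=True, remote_port=8080)
HARDENED = dict(admin_password="Vy7-constructed-passphrase", ssid="bluebird-5",
                ssid_broadcast=False, encryption="WPA", dhcp_enabled=True,
                dhcp_start="192.168.1.10", dhcp_end="192.168.1.15", mac_filter=True,
                dmz_host="", wan_ping=False, remote_mgmt=False, remote_port=8080)

if __name__ == "__main__":
    for finding in audit_router(FACTORY, device_count=6):
        print("-", finding)
```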

Review security logs

With the built-in firewall function of the wireless router, you can view your router's records, which is a very effective way to detect potential security risks. Using the outgoing records, you can also find Trojans and other malicious programs that attempt to establish external connections.

Undoubtedly, these measures are critical for wireless routers on small LANs, and most of the configurations are quite simple. The measures described here should also offer some guidance for correctly configuring and managing routers in large networks.
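As an added example (not from the original article), the review of outgoing records can be scripted. It flags LAN hosts that send DNS queries to a resolver other than the expected one, which is the symptom of the DNS tampering described at the start of the article, and hosts that connect out on unusual ports. The log format (modelled on Linux netfilter `KEY=value` lines), the addresses and the port baseline are all constructed assumptions.

```python
import re
from collections import defaultdict

LAN_PREFIX = "192.168.1."               # assumed LAN addressing
TRUSTED_DNS = {"198.51.100.53"}         # assumed resolver your ISP assigned
COMMON_PORTS = {53, 80, 123, 443, 993}  # assumed baseline of expected outbound ports
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn the KEY=value pairs of one firewall log line into a dict."""
    return dict(FIELD.findall(line))

def review(lines):
    """Return {lan_host: set of reasons} for suspicious outgoing records."""
    alerts = defaultdict(set)
    for line in lines:
        f = parse(line)
        src, dst = f.get("SRC", ""), f.get("DST", "")
        if not src.startswith(LAN_PREFIX) or dst.startswith(LAN_PREFIX):
            continue                    # keep only LAN -> Internet traffic
        if "DPT" not in f:
            continue                    # e.g. ICMP records carry no port
        port = int(f["DPT"])
        if port == 53 and dst not in TRUSTED_DNS:
            alerts[src].add("DNS query sent to unexpected resolver %s" % dst)
        elif port not in COMMON_PORTS:
            alerts[src].add("outbound connection to %s port %d" % (dst, port))
    return dict(alerts)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "Jan 10 09:14:02 router kernel: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.53 PROTO=UDP SPT=40001 DPT=53",
    "Jan 10 09:14:03 router kernel: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=443",
    "Jan 10 09:15:11 router kernel: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.66 PROTO=UDP SPT=40100 DPT=53",
    "Jan 10 09:16:40 router kernel: IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.99 PROTO=TCP SPT=40200 DPT=6667",
    "Jan 10 09:17:40 router kernel: IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.99 PROTO=TCP SPT=40201 DPT=6667",
    "Jan 10 09:18:00 router kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 PROTO=ICMP TYPE=8",
]

if __name__ == "__main__":
    for host, reasons in sorted(review(SAMPLE_LOG).items()):
        for reason in sorted(reasons):
            print(host, "-", reason)
```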
