Wireless routers are an ideal target for cybercriminals. If an attacker gains control of a router, they can monitor, redirect, block or otherwise tamper with a wide range of online activities.
I recently compiled research that revealed 80% of Amazon’s top 25 best-selling Small Office/Home Office (SOHO) wireless router models have security vulnerabilities. Plus, 34% of the 50 top selling models have publicly documented exploits that make it relatively simple for attackers to target vulnerable systems.
To top it off, a recent VERT study discovered that important router security practices are not widely used by IT professionals or remote workers. Obviously, some of the most effective security strategies, like removing all SOHO wireless routers, may not be viable options for many users.
To minimize wireless attacks, here are six basic router tips anyone should include in their security strategies/training protocols.
- Don’t enable remote management over the Internet: Embedded web servers are the source of many flaws. Your corporate security policy should mandate that routers used to connect to a corporate VPN have remote management features disabled. In situations where it is necessary to manage the router remotely, it is safer to employ NAT rules allowing SSH or VPN access to manage the router. Vulnerability and configuration scanning products and services can be used to determine if employees are connecting through routers with exposed management interfaces.
- Don’t use the default IP ranges. Predictable addresses make CSRF attacks easier. Rather than 192.168.1.1, consider 10.9.8.7 or something else which is not commonly used. This is a simple but effective technique for decreasing the likelihood of a successful CSRF attack.
- Don’t forget to log out after configuring the router: Several of the routers VERT examined will not automatically log out when not in use. This can result in a situation where the web browser used to configure the router remains authenticated, opening the door for CSRF attacks. Although some CSRF attacks can be successful without authentication, this simple step will thwart traditional CSRF attacks which rely upon that authenticated browser session.
- Turn on encryption and turn off WPS: It’s much easier for a router to be attacked if someone can connect to it. Turning on AES backed WPA2 protected with a strong (26+ character) pre-shared key is ideal. WPS is a service which makes it easier for authorized clients to connect but also makes it much easier for attackers to determine your wireless passphrase, regardless of its complexity or “strength”.
- Passwords matter: Default passwords are often the same for an entire product line or are generated from a common algorithm making a device easy prey for an attacker. It is imperative that you and other users change passwords rather than using defaults. Using default or weak passwords can make it possible for malicious applications, or even web pages, attack the router.
- Keep the router firmware up-to-date: Up-to-date firmware fixes known product issues, including security problems. Routinely logging into the router to check for firmware updates makes it more likely that users may notice unusual behavior that could indicate compromise.
- NETGEAR Quietly Patches Critical Authentication Bypass
- ReadyNAS Flaw Allows Root Access from Unauthenticated HTTP Request
- ReadyNAS Vulnerability Exploit Demo Video
- Five Tips for Securing SOHO Routers
And be sure to join us at Tripwire’s RSAC Booth (3501) to get your free customized t-shirt printed on the spot, and listen to an array of in-booth guest speakers we have lined up. For the speaking schedule and information on how to obtain a free RSA Expo pass, see more details here.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Definitive Guide to Attack Surface Analytics
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
Title image courtesy of ShutterStock