In my experience, most people who install a home network never change the security settings on their router. While this makes setting up a network a breeze, in most cases you are left with little or no security. This post will show you how to implement a few simple changes that will go a long way to harden your network against intrusion. The first thing you will need to know is your routers internal IP address so you can access its control panel. Depending on the brand, it is usually something like http://192.168.1.1 or http://192.168.0.1. You can go here for a list of the most common default router IP addresses and passwords.
Change your admin password
The default router login password combinations are easily found on the internet. There have been several documented exploits that take advantage of this. These attacks are successful only when the target router's login had been left at the factory default setting. What this means is that if a user had simply changed their password they were immune to the attack. If your router's password is the default value, you're asking for trouble, so change it.
Turn on Wireless Security
With wireless security turned off your router is left wide open and anyone within range of it can connect to it. You must turn on wireless security. It is best to use WPA or WPA2 if possible, as the preferred method of encrypting your network. If you have older devices that are not compatible with WPA you will have to use WEP, WEP is better than nothing but is very easy to crack so if WEP is your only option set up MAC filtering also. When you enable WPA choose WPA-PSK and enter a strong passphrase like "I like grilled cheese sandwiches" You can enter 8 to 64 characters, including spaces. When a computer or other Wi-Fi device tries to connect to the router it will not be able to access the network without the passphrase.
Turn off SSID Broadcast
The SSID is the broadcast name of your wireless network.. It can be seen by any Wi-Fi enabled device within range. You can turn the broadcasting feature off so that the router appears invisible to casual wireless snoopers. Turning this feature off won't hide your network's presence completely, but the fewer people that know about your network, the better.
Turn off UPnP
UPnP, or universal plug and play, is a feature that lets devices on your network self-configure your router to work with them meaning that they can open ports as needed. This is great for setting up networked devices such as game consoles, but it’s also a security hazard. A malicious program on a computer inside your network could use UPnP to open a port in your router’s firewall to let outsiders in. So if you don’t need it, turn off UPnP.
Turn Off External Pings
This setting allows your router to respond to inbound ICMP or “ping” requests from the Internet. It's usually turned off by default, but you want to be sure. If your router is replying to pings, your network becomes visible to hackers, which in turn incites them to probe further for security holes.
Thursday, May 21, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment