Here I’ll discuss a couple of security vulnerabilities in consumer and small business-class routers and show how to prevent them from threatening your network, which usually just takes a simple setting change. I’ll discuss some newly discovered vulnerabilities in addition to some weaknesses that have been around for many years.
Many routers and other network-connected devices support the UPnP (Universal Plug and Play) protocol. This standard enables networked devices to automatically discover each other and establish connections for easily accessing the devices, sharing or streaming media, and other services.
There have been known vulnerabilities with UPnP within the local network, but it was publically discovered in early 2013 that some vulnerabilities can be exploited via remote attacks over the Internet on certain devices. This allows hackers to perform remote code execution to modify firewall and other network settings that can open your network up to further hacking. They could also perform denial of service (DoS) attacks to disturb your operations.
Though not all routers are susceptible to this vulnerability and some vendors may release updates to fix those that are at risk, its best to disable UPnP. Additionally, you should consider blocking UPnP traffic on the firewall of your router or Internet gateway.
Disable Web-based Remote Management
There are a few exploits hackers can use to take control of your router via the Internet when you have web-based remote management enabled. Thus disable it so your router’s web-based interface isn’t exposed to the web.
Instead of using the router’s remote management feature, consider connecting to the network via VPN when remote access is needed. If that isn’t possible, see if the router supports remote SSH access, which is more secure than web-based access.
Enable HTTPS Web-based Management
There are also vulnerabilities of the web-based management on your local network. A rogue user or hacker with internal access could eavesdrop on the network traffic and possibly capture or crack your logins to the router’s web-based interface. Once they have access they could change the router settings and create a security hole in the network. To prevent capturing or cracking of your router’s password, enable HTTPS access if it’s offered.
Verify the Firewall is Enabled
Though it’s usually enabled by default, ensure the router’s firewall is enabled. Also use any optional security features like turning off ping responses and using any features that help prevent DoS attacks.
Change the Admin Password
Though you take steps to prevent hackers from having access to the web-based management, you should still change the default admin password. This will also help protect your router incase users on network try to access it.
Enable Logging and Review Logs
Most routers have a logging feature that logs informational and security alerts. Ensure logging is enabled and check them periodically for signs of attacks. You might find signs of hacking attempts and other issues.
Safely Store Your Router Backup File
If you save your router’s configuration, ensure the backup file is stored in a secured location. There are utilities that can perform off-line cracking of the admin password using the backup file.
Upgrade Your Firmware
As mentioned, vendors can—but aren’t required—to release updates to their networking gear to patch known security holes, improve the device, and even add new features. So keep an eye out for firmware updates for your models. Visit the vendor’s website to view the firmware downloads and then check your device’s firmware version to see if there’s a newer version you can update to.