Routers are the primary doorway to any network. You always have to ensure adequate protection for your router to keep the cybercriminals away from your system. Unfortunately, many users and administrators still take routers security for granted. Infamous botnets like Mirai, Brickerbot and Gafgyt are doing the rounds since years. They are predominantly infecting and taking over the networks to execute Denial-of-Service (DoS) attacks or for other malefic intentions, including Cryptomining.
Along with the existing threats, new attack methods are also emerging to worsen the scenario. According to research, over 98-percent of IoT attacks get executed, targeting either routers or CCTV cameras. Hence you should be more concerned if you are dealing with a router every day either at home or office. Here go a few crucial tips to protect it from the predators.
Password
Routers often come with default username and password as default security measures. The list of such default credentials are widely available on the internet, and hackers often use them as the first combination for brute-forcing the router. Hence, while installing a router on your network, change the default credentials immediately. Compose your password combining characters (lower and upper caps), numeric and special characters. As a smart tactic, you can use a different keyboard while logging in.
Restrict the Router Management Interface
Most of the routers could be configured via 192.168.0.1, 192.168.1.1, or 192.168.1.2. These home IPs are used by default for managing the router remotely. To block unauthorized access, you should always configure the default IP address via Dynamic Host Configuration Protocol (DHCP) and restrict the remote management tool. You should also limit the default IPs assigned to the router as an added protection.
Use Incognito Mode
Always use the incognito or private mode available in your browser, while configuring your router. It helps you to restrict the cookies to save username and password.
Get rid of WPS
Router manufacturers usually feature WPS to install the network efficiently. Unfortunately, many routers WPS implementation are prone to vulnerabilities; thus, the best idea to keep your network safe is to turn off the WPS and configure it with WPA2.
Firmware
A few dated routers can’t install the updates automatically. Hence it’s a better idea to check for updates at the vendor’s support website. Update your router whenever available.
A few enthusiast communities develop and update custom firmware, available on the internet. IF you find a custom firmware available for your router, install it. But you should be careful enough while modifying your device firmware; else it might get bricked.
Restrict routers services exposed to the internet
By default, most of the routers keep several ports open even when they are not in use. Universal Plug and Play (UPnP) and Secure Shell (SSH) are the two such most commonly exploited services to hijack your router. Turn off such services if not used often.