We tend to worry more about the security of those devices connected to the network, such as smartphones or computers, but many times, due to ignorance or giving greater importance to these devices, we forget to protect the first gateway for a possible malicious attack: the router from which we connect.
“As users, we are very aware of the precautions that must be taken to prevent criminals from entering our homes and stealing our physical possessions. However, most of the time we overlook the hidden threats within the digital environment. With a minimum of training and effort, any user can make a big difference in the security of their devices”, says Eusebio Nieva, technical director of Check Point Software for Spain and Portugal.
The importance of shielding your router
We are more aware of the vulnerability that may exist in devices such as smartphones, computers or the different products that make up the “Internet of Things” (IoT). However, we rarely give the router the attention it deserves when it comes to security.
On many occasions, the target of cyber attackers is one step before them, going for the first vulnerable device in a network: the router. Many users, mainly due to ignorance, choose to keep the basic configuration of the router provided by the service provider (ISP). They install, connect… and navigate without further worries.
In fact, according to a study carried out by the Telecommunications Terminal Equipment Manufacturers Association (VTKE), currently 80% of consumers in Spain use these standard devices. This is clearly a mistake, since they are exposed to possible security breaches if a series of additional measures are not taken.
Protect your network in 8 steps
To try to shield your router as the first gateway for those responsible for a computer attack, we can implement a series of measures proposed by Check Point Software Technologies, a leading provider of cybersecurity solutions worldwide, for our router, both inside of the work environment as well as for the home network.
First, they recommend updating and managing administrator passwords. We know of the problem that there is worldwide with leaving passwords by default and this also applies to routers. Like any other device, create strong and unique passwords (don’t use them across multiple products or services) that combine upper and lower case letters, numbers and letters, and some special characters.
Another recommendation is to activate a higher security encryption: WPA2 or WPA3. Although the operator’s routers already have this type of encryption on many occasions, some cheap ones still work under the WEP protocol, which is obsolete and vulnerable. If our router does not support this type of more advanced security, perhaps you should upgrade your router to a better one.
Don’t forget to disable remote admin access as normally carrier routers allow access to admin settings also via WiFi wireless connection. By deactivating this option, we will limit access to this control panel through a physical connection via an Ethernet cable, avoiding intrusions by people outside the home that pose external threats.
As we have already recommended on other occasions, it is key to keep network equipment updated. The different firmware updates also add new security patches. Keeping our router up to date can help us prevent many unpleasantness.
Although many models already integrate firewall in the firmware, in many cases these functions are not enabled by default, having to configure them manually. In this way, with the router’s firewall activated, all communication data between the Internet and the home network is analyzed to protect the security of your network.
Another tip is to disable WPS and UPnP connections. Although they are two popular forms of connection due to their ease and speed of use, unfortunately these forms of connection have proven to be vulnerable to possible external attacks, with some serious security flaws.
Although it may seem harmless, the SSID, the name that identifies our network, can provide data that gives clues about the model and manufacturer of the router and can make things easier for cybercriminals. Hiding or changing the SSID can help, the less data cyber attackers have, the greater our security.
Finally, the recommendation is not to have the connection active 24 hours a day, one of the most obvious and ignored steps, since in many cases we do not need to maintain an active connection 24 hours a day, being able to cut off access to it during the vulnerable hours when we cannot offer an immediate reaction to an attack.
