OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years



Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category


powered by pmc2m

 

Router safety

 
Preview:
Routers stand between you and millions of nefarious characters who'd like to break into your computer. Here's the steps necessary to keep it secure.

Routers have become the focus of many new malware and spyware attacks. There are two terms you need to understand.
  1. Modem: A modem connects to your Internet provider and translates their signal to a standard signal which it can send out via an Ethernet cable.
  2. Router: A router sits between the vast Internet coming into your home or office through your modem, and your local computers and other devices. Normally, Routers provide for both Ethernet and WiFi connections. It is a computer and stands as a wall between you and millions of nefarious villains.
This is made confusing because often Internet service providers like Comcast or Ziply will rent you a single device which combines both functions. For a long time, I recommended against this option because it wasn't cost-effective and I didn't trust them to do a good job. Now, I'm not so sure. Nefarious hackers are attacking our routers more frequently. Since our routers are computers connecting to the Internet and millions of miscreants, they need security updates and proper setup. If my clients don't want to pay me to do it, and won't do it themselves, then perhaps leaving it in the hands of their ISP and hoping, could be their best option.

One of the reasons there are so many attacks on routers now is that more people are working from home, and logging into their office computers through their home computers via their routers. If miscreants can penetrate the cheap family router, they have an avenue into the corporation.

Basic safety rules

There isn't a lot to do and the router makers are working to make it easier. This simple checklist will let you know what you should do or make sure your computer consultant does.

You need 3 passwords for 1 router!!!

This frequently confuses my clients, but you need to understand it. Be sure and store those passwords and other critical information in your password safe.
  • You need a username and password to access your router. This has nothing to do with WiFi. Remember that the router itself is a computer and you need to log into it so you can set up the WiFi, choose options and configure your security. This password can be difficult and you should store it in your password safe. You shouldn't try and remember it. Lock it into your password safe. Other information needed regarding your router:
    • The router is a computer. It has an internal web page that you access through your browser or sometimes through a phone app. You'll need that address. That address goes in the address bar of your browser, so you can log in to your router. Addresses are often 198.162.0.1 or 198.162.1.1 or 10.0.0.1 or something similar. Just like you might log into Amazon or your bank, you need to be able to log into your router.
    • The make and model of your router.
    • The router login will be like other web logins, you'll need a username and password.
    • Store these 5 things in your password safe: router address, username, password, make and model.
  • WiFi Network name and password. Again, you should store these in your password safe.
    • The network name is often called the SSID. The password is often called a key, pre-shared key or network key. Unless you have a business and want the name to show, I suggest that names convey NO information. A name like veges or snickers will work fine. If someone tries to break into your network, give them no indication of who you are, where you live or what brand of router they're attacking.
    • The password will have to be something which you'll need to type into your phone and tablet to gain access. When you design a good password for home or office WiFi remember that you'll need to type it on a crummy often tiny keyboard but also make it difficult to crack.
  • Guest Network name and password. If you have guests, or a smart TV, or other "smart" devices that need to connect to the Internet keep them off your real network. Thermostats and TVs don't belong on your home network. Guests don't belong on your office or home network. Have an easy password and nice name for the separate network.

Configuration settings

  • Turn off WAN access. WAN stands for Wide Area Network. WAN access is access from the Internet into your router without being a response to your query. In other words, can people from the Internet, anywhere in the world, just access your router like you access Amazon? If this is necessary, work with someone who knows what they're doing to restrict access properly. If you don't have a special need, turn it off.
  • Turn off WPS is a stupid broken attempt to make setting up your WiFi easier. It is an acronym for WiFi Protected Setup, except it isn't very protected. Just put in the SSID and password.
  • Turn off UPnP. Universal Plug and Play is a feature that lets programs log into your router, access and install things without you being in charge. It can make the setup of some things easier, but turn it off. If you need to install something that relies on it, and that doesn't scare you off, you can turn it on.
  • Setup a protected secure DNS service. Your browser and computer use a DNS service to translate web page names into addresses your browser can find. You want your DNS to be fast and secure. Hopefully, it will also add some security by blocking malware sites. I recommend these two which are secure, fast and block many malware sites.
    • Quad 9: uses 9.9.9.9 for ipv4 and 2620:fe::fe for ipv6. For secondary it uses 149.112.112.112 for ipv4 and 2620:fe::9 for ipv6
    • Cloudflare: uses 1.1.1.2 for IPV4 and 2606:4700:4700::1002 for ipv6. For secondary use: 1.0.0.2 and 2606:4700:4700::1002
  • Many routers will give you pull down menus in their DNS settings where you can just choose these without needing to enter the numbers yourself.

Keep your router updated

As I've said, your router is a computer. It will have security flaws and if the maker is reputable they will patch their security flaws and make router updates available. This might be offered automatically, or you may need to do the updates manually. If you're renting a router, your updates will be handled by your ISP. However, if you own your router, check it every 3 to 6 months for security updates and apply them. This will download a file and then update the firmware in the router. The process will take about 5 minutes. There is normally a button on your router to check for or perform an update.

Except for keeping the router up to date, you can do all these security measures once you're finished. Only the update process needs to be repeated.




Date: September 2022


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 
  Please direct questions/suggestions about website to the webmaster