The basics of any home setup
Many computer users don’t realise it, but the router is the most important electronic device in their home. It links most of their devices together and to the outside world, so it has a highly privileged position that hackers have learnt to exploit.
Many consumer and small-business routers come with insecure default configurations, undocumented backdoor accounts and firmware that can often contain flaws. Some of these problems can’t be fixed by users, but there are many actions that can be taken to at least protect these devices from large-scale, automated attacks.
Change the default admin password
Most routers come with a default administrator username and password, and attackers constantly try to break into such devices using these publicly known credentials. After you connect to the router’s management interface for the first time through your browser, make sure the first thing you do is change the admin password.
Choose a complex Wi-Fi password and a strong security protocol
When configuring your Wi-Fi, WPA2 should be the option of choice, as the older WPA and WEP are susceptible to brute-force attacks. If the router offers the option, create a guest wireless network, also protected with WPA2 and a strong password. Let visitors or friends use this isolated guest network instead of your main one. They might not have malicious intentions, but their devices might be compromised or infected with malware.
Use MAC address filtering
Many routers allow the restriction of unknown devices by MAC address (your device’s unique identifier), which gives you full control over who uses your Wi-Fi network. You can whitelist your devices and block all others. Enabling this feature can prevent attackers from connecting to a Wi-Fi network even if they stole its password… and yes, neighbours and passers-by unfortunately won’t have access to your network any more either.
Keep your router’s firmware up to date
Some routers allow checking for firmware updates directly from the interface, while others have an automatic update feature. It’s a good idea to regularly check the manufacturer’s support website manually for firmware updates for your router model.
Check and close router port 7547
You can use the tool below to determine if your port 7547 is open to the public internet. If it is, we suggest you contact your ISP (Internet Service Provider) and ask them to prevent outsiders from accessing that port on your home router. By blocking public access to port 7547 you will protect yourself and your home network.
Wordfence, a trusted security network, offers a free tool which checks the IP address you are visiting their site from and determines if port 7547 is open on your router and if it is vulnerable to the Misfortune Cookie vulnerability.
Change the router’s LAN IP address if possible. Most of the time, routers will be assigned the first address in a predefined netblock, for example 192.168.0.1. If offered the option, change this to 192.168.0.99 or something else that’s easy to remember and is not part of the DHCP pool. The entire netblock used by the router can also be changed to one of those reserved for private networks. Doing this will protect against cross-site request forgery (CSRF) attacks that try to access routers through users’ browsers by using the default IP addresses commonly assigned to such devices.
Even inside the LAN, it’s good to restrict which IP (Internet Protocol) addresses can manage the router. If this option is available, it’s best to allow access from a single IP address that is not part of the pool of IP addresses assigned to computers via DHCP (Dynamic Host Configuration Protocol). For example, configure the router’s DHCP server to assign IP addresses from 192.168.0.1 to 192.168.0.50 and then configure the web interface to only allow access from 192.168.0.53. The computer should be manually configured to use this address only when you need to connect to the router.
Port forwarding should be combined with IP filtering. Services running on a computer behind a router cannot be reached from the internet unless port forwarding rules are defined on the router. Many software programs will attempt to open ports in the router automatically via UPnP, which is not always safe. If UPnP is disabled, rules can be added manually, and some routers offer the option to specify the source IP address or netblock that can connect on a specific port to reach a certain service inside the network. For example, if you want to access an FTP server on your home computer from work, you can create a port forwarding rule for port 21 (FTP) in your router, but only allow connections from your company’s IP netblock. Source: PC World (IDG).
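The last three recommendations (a non-default router address, a management address outside the DHCP pool, and port forwards limited by source address) can be checked against a planned configuration before it is typed into the router. The Python check below is an added example, not part of the original article; the dictionary layout, the COMMON_DEFAULTS list and the 203.0.113.0/24 netblock standing in for a company network are constructed assumptions.

```python
import ipaddress

# Assumption: a few addresses routers commonly ship with (illustrative, not exhaustive).
COMMON_DEFAULTS = {"192.168.0.1", "192.168.1.1", "10.0.0.1"}

def audit_plan(plan):
    """Return findings for a router address plan; an empty list means it passes."""
    findings = []
    net = ipaddress.ip_network(plan["lan"])
    router = ipaddress.ip_address(plan["router_ip"])
    admin = ipaddress.ip_address(plan["admin_ip"])
    pool_lo = ipaddress.ip_address(plan["dhcp_start"])
    pool_hi = ipaddress.ip_address(plan["dhcp_end"])

    if not net.is_private:
        findings.append("LAN netblock is not a reserved private range")
    if str(router) in COMMON_DEFAULTS:
        findings.append("router uses a common default LAN address")
    for name, ip in (("router", router), ("admin", admin)):
        if ip not in net:
            findings.append(f"{name} address is outside the LAN netblock")
        elif pool_lo <= ip <= pool_hi:
            findings.append(f"{name} address is inside the DHCP pool")
    for rule in plan["forwards"]:
        # A forward with no source filter is reachable from the whole internet.
        src = ipaddress.ip_network(rule.get("source", "0.0.0.0/0"))
        if src.prefixlen == 0:
            findings.append(f"port {rule['port']} forward accepts any source")
    return findings

# Constructed sample: the article's values, with 203.0.113.0/24 standing in
# for the company netblock.
GOOD_PLAN = {
    "lan": "192.168.0.0/24", "router_ip": "192.168.0.99",
    "dhcp_start": "192.168.0.1", "dhcp_end": "192.168.0.50",
    "admin_ip": "192.168.0.53",
    "forwards": [{"port": 21, "source": "203.0.113.0/24"}],
}
# Constructed sample: factory-style settings with an unrestricted FTP forward.
WEAK_PLAN = {
    "lan": "192.168.0.0/24", "router_ip": "192.168.0.1",
    "dhcp_start": "192.168.0.1", "dhcp_end": "192.168.0.50",
    "admin_ip": "192.168.0.20",
    "forwards": [{"port": 21}],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("weak", WEAK_PLAN)):
        print(label, audit_plan(plan) or "no findings")
```
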
We hope you have found this article useful. If in any doubt, contact your ISP for advice.