By Scott Tustison, Security Architect
Especially if you are working from home, now is the time to assess the security of your home network and online presence. In this series, we will explore ways to stay safer on the internet and ensure your and your organization’s important data remain private. In Part I, we’ll discuss how to secure your home network by addressing potential vulnerabilities in the hardware.
Home network hardware
Stop and think about your home network. What does it look like? Do you know what the various pieces of hardware do? If the answer is no, then the first step on your cybersecurity journey is to develop a basic understanding of what each piece of hardware does and where you might be able to fit in some additional security. This is critical to keeping your organization’s data secure.
The modem – The first thing you might see when looking at your network hardware is a device connected to a cable TV line or a telephone line (there are others that might be connected to a fiber optic line or a satellite dish, but these are less common). That device is generally referred to as your modem. The modem translates between the signal used by your Internet Service Provider’s (ISP) high-speed delivery network and ethernet, which is the protocol that you will use on your home network. The most important thing to note about the modem is that it provides you with a public Internet Protocol (IP) Address. That means that anyone on the internet can see that public address and attempt to connect. Since the modem is providing a public address, that means your first real line of defense is the device connected to the modem, which is the router.
The router –This device is sometimes called a Residential Gateway, or more commonly referred to as just a “router.” The router provides your home devices behind it with a hardware firewall, shielding them from being directly accessed by an attacker over the internet, giving them access to data that could impact your organization and customers. This is why it’s critical to secure your router at home.
If you only have a single device connected to the outside cable or phone line, you may have a modem/router combo device provided by your ISP. This is especially likely if you are renting the device from them. If this is the case, you should still be able to configure the router. It is worth mentioning, however, that some ISPs may maintain a backdoor to the device, which would allow them to connect to it remotely. That backdoor could leave your device open to an attack from the internet, so it is always recommended you purchase a separate router to use with your internet service.
Securing your router
A secure router for your home is critical to establishing home internet security for the sake of your personal privacy and the cybersecurity health of your organization. Here’s how to secure your router.
Change passwords – Most routers have a web-based configuration page that can be reached by using a browser on any computer that is connected to the router. The address is typically 192.168.0.1, or 192.168.1.1. Entering one of those addresses into your web browser should lead you to a login page for your router. If you have never been to that page before, the password is likely the default password for your router (typically something like admin or password), and that should be the very first thing you change to secure your router.
The next thing that should be changed is the Wi-Fi password. You will probably need to use a complex password (upper case, lower case, numbers, and special characters, 12 characters or more). If the router has the Wi-Fi password printed on the side of it and that password is in use, change the password – because there is no guarantee that the provided Wi-Fi password is sufficiently random.
Update firmware – Another important step to secure your router is periodically updating the firmware. Firmware is the operating system for the router. To update firmware, look for an Update button or Firmware Update button somewhere on the router configuration page. Most routers have a way to check online to see if they need to be updated. If it reports back saying it needs an update, perform the update.
If the router is very old, it may not be receiving regular updates anymore. If your router is more than five years old, consider buying a new router. Also, set a reminder every month to check for new updates. Unless you are building your own router, it probably does not automatically update itself.
Disable port features – To further secure a router, you want to disable or stop using and/or forwarding ports. A port that is forwarded through the router allows something on the public facing side of the router to connect directly to a device or software running on the private side of the router. This pokes a hole through the firewall that protects your local network, making it so any device, operating system, or application level exploits would be attainable by someone out on the internet.
Next, locate and disable the first of these port features, the Universal Plug and Play (UPnP). This feature allows an application or device to automatically request a port to be forwarded through the router. This makes it extremely dangerous since you have no control over what the applications request. If ports must be forwarded through the router for something to function correctly, just do it manually and take care that only the exact ports that are needed are forwarded. In general, most people do not need to ever forward any ports through their router.
One more step to securing a wireless router is to stop using the DMZ, or Demilitarized Zone. This feature simply forwards all open ports from a particular device through the router. To secure a router for home, this feature should never be used. It is often not in use by default and requires you to enter in the IP address of the device you wish to forward through the router. As long as there is no IP address listed, then the feature should be not in use. Be sure to keep it that way.
Making these simple changes to secure a router for home can mean the difference between keeping your data safe and bad actors accessing your confidential information as well as information that involves your company or customers. In Part II of this series, we will discuss securing your Wi-Fi, an integral part of keeping your home network secure.
For information on Octo’s cybersecurity capabilities, visit our website and take a look at the downloadable overview.