Protecting your network starts by protecting all of the access points. One of these points is your router. The router is the entry and exit point of your system. Your network connects to the router, which then connects to the internet. If you’re able to provide incredibly strong security at your router, it will be much harder for hackers and other cyber-terrorists to get into your system. However, most people don’t realize that this security needs to be more than just a firewall and a virus scanner. There are a number of physical things you can do to help protect your router, too.
1. Place Your Router Somewhere Safe
Your router broadcasts your network’s Wi-Fi signal, which means if it’s close enough to an outside wall or window, anyone nearby will be able to attempt to access your network. If you place it in the center of your office building, it’s less likely that you’ll leave yourself open to an attack via Wi-Fi. Someone would have to get fairly close to your building in order to hijack your internet, and you would likely notice them.
2. Add Encryption
Make certain that you have WPA2 encryption turned on. This is one of the strongest encryption options you can use for your router, and you should have it enabled at all times. You also need to secure it with a strong password that is not easy to guess. Make sure it includes a mixture of upper- and lower-case letters, numbers, and symbols.
You also want to make sure that you’ve disabled WPS. This is a default setting that actually makes your password easier to hack. Be sure you check through all of the default settings on your router and turn off or modify any that leave your system open to network attack.
3. Change the Router’s Default Administrator Settings
Every router company sets the exact same administrator username and password on all routers they make. This means anyone with the same brand of router may know your username and password! You need to immediately change both of these in order to protect your network. If someone can access your router, they will be able to completely shut you out of it and cause havoc with your system.
When changing your router’s password, make sure you follow the rules of a strong password. Also, be sure your password isn’t something easy to guess or figure out. Random sequences of numbers, letters, and symbols are your best bet.
When you’re finished making changes on the router, always be certain you log out. If you leave the administrator account logged in and step away from your computer, someone else may make use of it.
4. Use an Intrusion Detection System
Adding intrusion detection software such as Snort can assist your IT team in detecting when someone has broken into your system. When someone breaks into your system, this detection program will immediately sound the alarm and quarantine the intruder, preventing it from accessing any of your processes or sensitive information.
This software will monitor what your user accounts are doing, too, and will alert you when someone is doing something suspicious, such as trying to access data they should not have access to. You can download IDS software such as Snort (owned by Cisco) and easily add this extra layer of protection to your network.
5. Keep Your Firmware Updated
Just like a virus scanner, anti-malware software, and other programs, you have to make sure you keep your router’s firmware up to date. This firmware may contain patches and other fixes that address router security and functionality. By updating it when new versions are released, you can make certain hackers don’t manage to make use of vulnerabilities found in routers’ security functions.
6. Make Certain You’ve Disabled Remote Management
If someone can log in and remotely manage your router, you might discover that you’ve completely lost control of it one day. Disable this feature so that access over a VPN or SSH is the only option allowed. You should never need to use remote management without using a virtual private network, so you shouldn’t be losing any functions that you regularly use.
You also want to make sure that your VPN is secured when using public Wi-Fi hotspots. Otherwise, you may find that your access has been compromised anyway. If that occurs, quickly reset all of your passwords and do a full network scan to make certain nothing has been compromised.
7. Change the IP Ranges
Most routers begin your IP range at 192.168.1.1, but you don’t have to leave it at that. You can change this range to help stop CSRF attacks. Most people don’t realize that you can change every set of digits, so you can make your default IP range start at something like 326.482.6.3. Simply make up a number to make it more difficult to guess.
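As an added example (not from the original article), the Python sketch below checks a proposed LAN range before you type it into the router and suggests a random one. It assumes the standard IPv4 rules: each of the four numbers must be between 0 and 255, and an internal network should stay inside the private ranges 10.x.x.x, 172.16-31.x.x or 192.168.x.x. The function names and the list of common defaults are made up for the illustration.

```python
import ipaddress
import secrets

# RFC 1918 private blocks, the IPv4 ranges reserved for internal networks.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Subnets often shipped as factory defaults (constructed list, not exhaustive).
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                    "10.0.0.0/24", "10.0.1.0/24")]


def check_lan_subnet(candidate):
    """Return (ok, reason) for a proposed LAN subnet such as '10.73.18.0/24'."""
    try:
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError:
        return False, "not a valid network (octets must be 0-255, no host bits set)"
    if net.version != 4 or net.prefixlen > 30:
        return False, "need an IPv4 network with room for hosts"
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        return False, "outside the RFC 1918 private ranges"
    if any(net.overlaps(default) for default in COMMON_DEFAULTS):
        return False, "overlaps a common factory-default subnet"
    return True, "ok"


def random_lan_subnet():
    """Pick an unpredictable /24 inside 10.0.0.0/8 that passes the check."""
    while True:
        candidate = f"10.{secrets.randbelow(256)}.{secrets.randbelow(256)}.0/24"
        if check_lan_subnet(candidate)[0]:
            return candidate


def router_address(subnet):
    """First usable host in the subnet, the usual address for the router."""
    return str(next(iter(ipaddress.ip_network(subnet).hosts())))


if __name__ == "__main__":
    # Constructed candidates; the second is the example range from the text.
    for cand in ("192.168.1.0/24", "326.482.6.3", "8.8.8.0/24", "10.73.18.0/24"):
        print(f"{cand:16} -> {check_lan_subnet(cand)}")
    subnet = random_lan_subnet()
    print("suggested:", subnet, "router at", router_address(subnet))
```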
8. Change Other Default Settings
There are a number of other settings on your router that you need to change to make sure that hackers can’t gain access. First, you need to disable the IPv6 services. Most businesses won’t need these services, but if you do, the safest option is to actually buy a new router that is IPv6 certified. This means it has additional security and other features that help stop hackers who attempt to use IPv6 to break into your system.
Also, be sure that you set the DNS servers on your router to automatic or DHCP. This will create a static value that can be manually set from information your ISP will provide you.
If you have only a small number of devices using your network and know that no other devices will need network access, you can use MAC filtering to only allow devices with specific MAC addresses to connect to the network. This does take a bit of work because you’ll need to find the MAC addresses of every device and enter them into the filter list. Once you do, though, you can be assured that no other devices will be able to get access to your network.
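An added example, not part of the original article: a Python sketch that compares the router's attached-device list against your MAC filter list and reports anything that is not on it. The device rows and the allowlist are constructed sample data and the function names are illustrative. It also marks addresses with the locally administered bit set, which is what the randomized "private" Wi-Fi addresses on many phones and laptops look like, since for those devices the filter list needs the address they actually use on your network.

```python
import re

# Constructed allowlist, in the mixed notations people tend to paste in.
ALLOWLIST = ["00:1A:2B:3C:4D:5E", "a4-5e-60-c1-22-9f", "3c22.fb10.77aa"]

# Constructed (hostname, MAC) rows, as a router's attached-devices page lists them.
ATTACHED = [
    ("front-desk-pc", "00-1a-2b-3c-4d-5e"),
    ("printer", "A4:5E:60:C1:22:9F"),
    ("unknown", "DA:A1:19:0B:4C:77"),
    ("laptop-7", "3C:22:FB:10:77:AA"),
    ("", "08:00:27:5d:10:e3"),
]


def normalize_mac(text):
    """Return 'aa:bb:cc:dd:ee:ff' for any common MAC notation, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def audit(attached, allowlist):
    """Return the attached devices whose MAC is not on the allowlist."""
    allowed = {normalize_mac(m) for m in allowlist}
    findings = []
    for name, raw in attached:
        mac = normalize_mac(raw)
        if mac not in allowed:
            findings.append({"name": name or "(no hostname)", "mac": mac,
                             "randomized": is_locally_administered(mac)})
    return findings


if __name__ == "__main__":
    for f in audit(ATTACHED, ALLOWLIST):
        kind = "randomized/private address" if f["randomized"] else "hardware address"
        print(f"NOT ON LIST: {f['mac']}  {f['name']}  ({kind})")
```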