Just as your home is protected by closing and locking the outside doors, so your online security protected by the device that allows internet traffic, your router. Recent news articles suggest that the threats are real. Do these simple things to make sure your online “door” is closed and locked.
The router is usually installed between your internet provider’s device, such as a cable modem, and your computer. Most businesses and homes today have routers that allow wireless access in addition to a wired connection (Ethernet cable). The router does a lot of work to manage all those bits that travel to and fro with your computer(s). And because of its role in the process, it has information that you don’t want just anybody to know, particularly in regard to vulnerable devices such as computer drives and backup drives.
Taking the steps summarized below will require some basic knowledge of software and the documentation for the router in use. If you do not have the router documentation, find the brand name and model number on the device and do a search using that information and the word “documentation”. Most manufacturers maintain a good library of product documentation on their website. You will also need to have local (physical) access to the router’s management console or application. As a general rule, if you know your “internet gateway”, expressed as an IP address, typing that IP number in your browser window will display the login screen to the management application on the router itself. Get help finding that address on Windows or Mac computers.
Steps to protect your router from snoopers
The steps below are listed in order of descending priority, from “you gotta do this, it’s computing 101” to “I’m paranoid about identity theft.” This list is not comprehensive. Most homeowners require no more than is listed. Homeowners with extensive network infrastructure, such as those with home automation and management controls, or business owners/managers should consult a networking professional to ensure the integrity and security of their router, as well as other elements of the network landscape.
- The management console should be protected by a password. In some cases routers come with a standard password, or no password, to make the initial setup and installation easier. Do not let this “easy” password remain in force – change it at your earliest opportunity, and make it a good password. Tip: describe in one sentence the setting of your router, and use the first letter of each word with a ending capital letter and random punctuation mark. For example, if your black and blue router is resting on a small glass table to the left, the router password might be “bablsgT”. If you are doing this for your home router, it’s probably OK to write the password down on the router itself or better yet, in the manual that you keep filed away. Business operators should have a better way of recording and storing important IT-related access codes.
- Encrypt the wireless signal. Most routers these days perform WPA or WPA2 encryption protocols. There is rarely a good reason not to do this.
- The router firmware should be kept up-to-date. The management console will help you to do this by explaining what to do and what to expect.
- Separate the functions. Many routers today allow managers to separate internet access from access to the router itself or to devices that may be plugged into the router, such as a printer or back-up drive. That’s why you may have noticed routers with a “-Guest” suffix in the name. Deploying this functionality is an easy way to keep intruders away from connected devices while allowing guests (such a visiting family) to browse the web. But do so cautiously, and only if you need to, or when you need to.
- Don’t broadcast the router name (the SSID). The router can “broadcast” its name to make it easy for you (and others) to find and connect to it. It may be more prudent to restrict that broadcast. If you do, your device won’t “find” the router automatically; users will need to type the name and password before the computer, tablet or other device can connect to it. See your router or device documentation on how to set this up and how to connect to a router that doesn’t broadcast its name.
- Require a wired connection to access the management console. Some routers allow managers to stipulate that router configuration can only be accomplished by a computer that is connected to the router via a wire such as an Ethernet cable. This makes it harder to gain access to the router, and makes it inconvenient in certain installations, all of which is a good thing if you’re worried about some outsider snooping around your private internet communication.
- Install MAC filtering. Most routers allow this feature, which restricts access to the router (or its management console) by computer. Each computer’s network card has a unique identifier, Media Access Control (MAC) that is essentially the social security number of the computer world. You can specify allowable MAC addresses such that a computer not on the list will be blocked from accessing the router.
- Restrict router traffic types. If you have a simple installation at home, you may wish to restrict the traffic from say, FTP or bit torrent data transfers. An advanced topic, this should be carefully considered by reviewing the documentation and researching the requirements of your network.
Peoples Bank works hard to protect your identity. The bank takes online security very seriously and constantly monitors its own systems and procedures, as well as the news in service to its shareholders and customers. Diligence is required by both parties. The threats, and their complexity, continue to mount. The topic of online security is a regular feature of this blog. Read other posts and subscribe to the RSS feed to learn of additional content as soon as it gets posted.
Please read the recent news article from Ars Technica about
Cisco/Linksys routers’ vulnerability to make sure your home or office, or that of your friends and family, is not at risk.
Get more information: