Router security

Your humble router with its flashing lights and lifeline of cables is the heart of your network. A computer in its own right, this is the bedrock of your security. It is time to shine a light on this unsung hero.

Your router is a specialised computer which has the tasks of being your secure gateway to the internet and co-ordinating all the devices on your network, with some security thrown in for good measure. Like other computers, it has an operating system, passwords and occasional ragged security holes. A compromised router is trouble, plain and simple. For example, a hacked router could send you to malicious webpages – a fake banking site for example. Or share your data stream with someone else. Or attack your devices. Or… well, you get the gist of it.

Your router manages all the devices on your network. A problem here may affect every computer, tablet and mobile attached. Even a ‘clean’ computer can be re-directed to malicious websites – without needing to compromise the computer itself first.

Many people use the router supplied by their service provider. Recent research by Which magazine has identified some basic security issues with a number of these routers – take a look at the list on the weblink below. The first problem is poor default passwords: some service providers have used the same administrator password for many routers. This simply makes them an attractive target. You can change this in the router’s settings.

The second problem is that security updates to patch freshly discovered security flaws may not be available for older routers. Thirdly, while there is a small risk that updates could prevent your router from working, these updates are important. However, this risk may explain why some service providers seem unenthusiastic about automatic router updates. You may need to apply these yourself. The steps vary depending on the router.

Service providers’ routers can be decent devices. Yet, they generally contain a backdoor for your service provider to make changes at any time. This double-edged facility is intended to help you but… how do you know that the backdoor is properly secured and access effectively restricted?

Most service providers allow you to use your own router. These run from the cheap £50 versions through to business-class routers with more robust security and usually a longer support lifespan – so long as you don’t blanche at the prospect of £200+ for the pleasure.

Whatever router you have, here are a handful of pointers in no particular order to make it more secure. Some steps may not be possible with your router.

  • Update your router’s firmware This process will vary greatly depending on the router. Do make a backup of your settings first in case the process goes wrong.
  • Change the default Wifi settings Change the default Wifi name and password to something of your own invention – it helps to disguise your router.
  • Turn off uPNP / WPS These are potential security hazards. Turn them off if your router allows.
  • Disable port-forwarding or DMZ settings Most users should not need these settings enabled and they can undermine your security. If you need them, you will definitely know.
  • Administrative details Change the details for logging into your routers administrative panel.
  • Guest network: Setup a guest wireless network with a decent password – and keep visitors on this network to minimise ‘cross talk’.
  • Disable administrative access from Wifi: Disable administrative access to the router from Wifi devices. Keep it to wired devices only, and if you feeling particularly geeky narrow this down to a specific IP address outside the usual range of addresses that your router dishes out.
  • Keep Internet of things on their own network: add all Internet-of-Things devices (bulbs, washing machines, pendants etc.) to the guest network to minimise the potential of security problems – or, better still, on a third network if your router allows.

On a tangent, you might like to know more about what your router’s lights indicate. Here is a quick summary of the indications for some common domestic routers.