Router Defence

Home network connections – I have learned the hard way to make these as secure as I can.

I have found in my experience, that it is essential to check your router logs for all senses of intrusion including pings.

People can ping often, but more importantly, make use of poor router security and make secure connections to your router, and in some instances, load files onto it making it part of a bot army.

I will share services and functions that should be disabled if you wish to be secure.

They are:

UpnP – discover it and disable it in your advanced section of your router.
FTP – block access to it.
SSH – disable access to it.
SMTP – disable access to it.
SNMP – disable access to it.

IPv4/IPv6 – SPI Firewall enable.
DoS Protection – enable all flood filters to their highest potential.
IGMP Snooping – disable it.

These before mentioned services if left alone, with standard login credentials can be used to do nasty things. I was once a host of a YouTube channel talking about security related topics. I was new at the time and didn’t know anything. I was so focused at the time on being system secure, that I completely neglected my router.

I found that the UpnP function of my router was being exploited DAILY. I saw IP addresses all over the world coming to my router and having a party. When I discovered this, I swiftly went about blocking ranges of IP addresses and using whois to identify them within the terminal.

I will give you some additional tips now:

IP Address Pool – however many devices you have, include just enough to cover those devices. Leave NO ROOM at all for additional connections aside from devices you already own.
Primary and Secondary DNS – change these to something of your own choice, change them from your Internet providers ones.
Enable your VPN server within your router.
Enable 5g network and hide your SSID(Router name) from public availability.

Change the name of your connection(Your SSID) to something that doesn’t detail your router. For example, instead of letting it be Telstra54657 change it to anything you like. Not detailing what model your connection consists of, enables a security tick in your corner.

Last but not least:

Use a LAN connection (RJ45 cable) to connect your router to the computer.

I have found that in doing this, and checking my logs often, I am able to ensure the security of my router and my PC. Not doing these, enabled people access to my router, and as such my personal information.

The password for your router needs to change from whatever was originally installed. I do highly recommend a complicated 30 character password. I have found that through tests with password cracking software, it will take beyond our lifetime many fold to crack them. Naturally, quantum computers may make that task easier – I don’t know.

^.^

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s