Router security tutorial
Each of us has at home a small network (LAN) consisting of IP-based communication devices and a router. We are all interested in securing our network.
To do this, we will make the necessary settings for both the router and the PCs in the network for safe operation.
On PCs, by activating the firewall, we will block access from outside, but we can set exceptions for various IPs or applications. Also, the Windows Defender firewall will alert you when an application wants to access a particular site and will ask us for your acceptance. The firewall on your PCs is software.
Personal home routers use network address translation (NAT) to share a single IP address for all connected devices (laptops, PCs, tablets, mobile phones, printers).
NAT acts as a firewall that prevents entry requests from reaching PCs. For incoming traffic, you can set the port-forwarding to specify the traffic for each device connected to the router.
It can also configure DMZ (demilitarized zones) for a PC, in which case all incoming traffic is routed to it.
For the personal router, once set up, we need to change the default login password with a strong one (12-16 characters, using uppercase and lowercase and alphanumeric characters) and set a password for the WI-FI local network.
If we do not do this, anyone who connects through WI-FI to our network can see their dynamic IP address and can try to connect to the router.
Default IP management is the same for all routers: 192.168.0.1, 192.168.1.1, 192.168.100.1, etc, and passwords are either admin or user. So an attacker, accessing the router can modify his settings, modify port forwarding to access the PCs on the network or other benefits.
For personal security routers, it's good to disable the remote management facility.
Routers, in the security menu, have filters that can block IPs, MAC addresses, URLs, or DoS (denial of serices). It is good to use these facilities.
Some routers also have a software firewall that can be enabled.
On Cisco routers, used in large networks, three types of passwords were granted for access modes.
- Some are only used for local connection using serial cable (RS-232).
- Others are used for remote access via Telnet or SSH, and they can only have viewing, querying, or full access rights.
The conclusion is that in the case of routers, the use of powerful management and WI-FI passwords and their regular change will protect our network from any unwanted attacks.