Types of risks for my router

Hello!

Recently I've read about viruses and worms that attack routers and do some nasty things, incl. DNS changes etc. In the beginning, I just read that some people have issues with their DNS server address being substituted for something fake and evil. To me it didn't make sense, 'cos normally only me and my ISP would have access to the router's admin panel. Then I heard that there's a primitive web server operating in the router and that way we get to see the web interface of the device's admin panel. And those viruses and worms use the inner server's vulnerabilities. So from what I understood (correct me if I'm wrong here), it's not some hacker sitting somewhere and seeing my login window. Also I read that those types of attacks are pretty rare due to the fact that the virus must be written specifically for a certain type of device.
Frankly, I feel bad that such an experienced person like me when it comes to computers wasn't even aware of all that. I just happened to read a couple of articles recently and they brought my attention to the matter.
So I wanted to hear your comments, suggestions and corrections. Is there something else I should know when it comes to the risks as far as routers are concerned? Here I'm not asking about a remedy. Just want to know the dangers.
David1978 Asked:

marek1712 Commented:
What device are we talking about?
Home equipment (basic TP-Link, Linksys, ASUS, etc)?
or professional (Cisco, Juniper, SonicWall)?

I'm asking because procedures for securing these devices vary greatly.

In the first case you're pretty much at the mercy of the manufacturer (and they tend to drop support very fast). Another option is to swap the firmware with ones created by the community: OpenWRT, DD-WRT, Tomato, you name it. Of course, a distribution's support depends on the model. Check YouTube videos and see if you're up to the task of configuring one yourself.

On the other hand you have professional devices. You don't get bugs like insecure web servers that often (of course, bugs are still present).
Support is longer though - with some of the devices being supported for e.g. 10 years. Beware that in some cases you have to have proper know-how.
0
McKnife Commented:
Only two things to do:

-keep your router updated
-disable remote access (via internet) to your configuration page

Also ensure that your model still gets updates from time to time and is not end of life yet.
0
andreas (System Admin) Commented:
Disabling the remote admin possibilities will reduce the risk by a great deal. But many of the small SOHO routers have hidden backdoors,
most likely due to requests by secret services. Those hidden backdoors are not visible in the admin interface and also not configurable from there. Some cannot even be detected by a port scan, as they need a special access pattern to activate.

So if possible keep your router up to date with firmware updates. If available for your model, you can also consider changing to a community router OS like ddWRT or openWRT.
Those have less chance of hidden government backdoors and usually get updates for security flaws quite fast.

Another important thing: NEVER save the password of your router admin interface in your browser or stay logged in there while you surf other pages.
Many home router attacks are performed indirectly over the user's browser via a CSRF attack.

http://www.routercheck.com/csrf/

So always go to your router's admin interface with a new browser instance without other tabs or windows open. And afterwards log out and clear the cookies, if they allow passwordless login to the admin interface.
0
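The CSRF risk andreas describes, as an added example that is not part of the thread or of any router's firmware: a simulated admin-panel handler that accepts any request carrying a logged-in session, beside one that also requires POST, an Origin/Referer matching the admin UI and a per-session token. The address 192.168.1.1, the handler names and the sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption for illustration: the admin UI is served at 192.168.1.1.
ADMIN_ORIGINS = {"http://192.168.1.1", "https://192.168.1.1"}

def new_session():
    """Logged-in session with a random per-session CSRF token."""
    return {"authenticated": True, "csrf_token": secrets.token_urlsafe(32)}

def naive_set_dns(request, session, config):
    """Weak pattern: a valid session alone authorises the change."""
    if not session.get("authenticated"):
        return 401
    config["dns"] = request["params"]["dns"]
    return 200

def hardened_set_dns(request, session, config):
    """Same action, but the request must prove it came from the admin UI."""
    if not session.get("authenticated"):
        return 401
    if request["method"] != "POST":       # never change state on GET
        return 405
    headers = request["headers"]
    source = urlsplit(headers.get("Origin") or headers.get("Referer") or "")
    if f"{source.scheme}://{source.netloc}" not in ADMIN_ORIGINS:
        return 403                         # request started on another site
    sent = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(sent, session["csrf_token"]):
        return 403                         # token missing or wrong
    config["dns"] = request["params"]["dns"]
    return 200

def demo():
    """Constructed sample requests: one cross-site, one from the admin UI."""
    session = new_session()
    cross_site = {"method": "GET", "params": {"dns": "203.0.113.53"},
                  "headers": {"Referer": "http://other-site.example/page"}}
    from_ui = {"method": "POST", "headers": {"Origin": "http://192.168.1.1"},
               "params": {"dns": "198.51.100.7",
                          "csrf_token": session["csrf_token"]}}
    weak, safe = {"dns": "192.0.2.1"}, {"dns": "192.0.2.1"}
    return (naive_set_dns(cross_site, session, weak), weak["dns"],
            hardened_set_dns(cross_site, session, safe), safe["dns"],
            hardened_set_dns(from_ui, session, safe), safe["dns"])

if __name__ == "__main__":
    print(demo())
```

Logging out when finished, as advised above, removes the authenticated session that both handlers check first, so even the weak handler answers 401.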
David Johnson, CD, MVP (Owner) Commented:
Turn off WDS; the 'pin' is supposed to be 8 bytes but is in reality only 4 bytes. And remote web access to the router. If possible, use one of the open source router distributions, i.e. tomato/dd-wrt.
0
rindi Commented:
Another thing that I don't think has yet been mentioned, is to change the router's default passwords to something new and secure.
0

David1978 (Author) Commented:
Thank you all for your replies!

Just to clarify things a little first. I'm talking about a SOHO device. Nothing professional here.
I'm aware of that community stuff (ddWRT and others) that you mentioned. But for me it's a little too complicated, frankly. Though I wasn't really asking for solutions (yet), it's nevertheless good to know. At least, to have a general idea of what I should learn router security-wise.
So I'll grant you your points and if anything is unclear to me about some specific remedy, I'll ask in separate threads. Otherwise, it confuses me when there are too many different new things to learn about and it's all in one topic.
0
David1978 (Author) Commented:
P.S. My special thanks go to rindi. His idea is simple and to the point. Up until today, my router admin panel password was a generic one from the manufacturer. Like I said, I just hadn't known the risks.
0