In the fourth blog from Cyber Security Partner IASME, learn about the secrets of your router, including what it is and how to secure it to maintain safety and keep the bad guys out.
Throughout history, when building homes, villages and towns, people have sought to create a layer of defence or security to maintain their safety and keep the bad guys out. Means of doing this have included locating oneself on a high hill, building boundary walls, moats, strong front doors and deploying armed guards and dogs.
In the cyber world, rather than your material possessions, the commodity here is your data, and there are just as many bad people trying to get hold of that. Personal information such as your name, address, bank and payment card details and username and passwords can be sold on to other criminals and are worth a lot of money. On computers, there are some key layers of defence you can activate to keep your information safe. The main methods are using strong passwords- like having a unique front door key, enabling your firewall – having a secure front gate, and securing your router – having a front door at all.
In this article we will be talking about securing your router which in most cases also contains the boundary firewall.
What is the router and how do I know if I have one?
First, let's talk about networks. A network is a collection of devices such as computers, laptops, smart phones and tablets that can communicate with each other. It could describe your 'home network', which is all the devices you have connected to your WIFI at home, your 'company network' which is all the devices connected together that can access your company systems and data, or something as big as 'the internet' which combines lots of these smaller networks across the world.
When you signed up for an internet service plan, your internet service provider (e.g., Sky, BT, or Virgin Media) would have sent you a small box to plug in. This device is your 'router' and is the key part of your network, as the router's job is to move data between your devices and other networks.
Your router's important security settings
The router plays a very important role, as it sits at the gateway between your network and the internet, and allows devices and networks to connect together. If not secured correctly, this gateway could potentially allow cyber criminals an access point to your network and anything within it. For this reason, it is vital that your router's security settings are configured correctly.
Many routers arrive from the manufacturer with a default password such as 'ADMIN', and even if your router has a more complicated default password, it is not difficult to find it out with a quick search on the internet.
Note that this isn't the Wi-Fi password to access the network, that is a separate passcode.
The router password protects the router's settings and configuration. It is vital that you change this so that anyone cannot log onto your network and intercept your data or lock you out of your own network. You will find information about both the router password and the WIFI passcode with the information booklet that came with the router, or most likely written onto the router. You will also be able to get information about your router on your internet provider's website.
The boundary firewall within your router
For small business networks and home networks, your router is also your boundary firewall. It acts as a protective buffer zone between your devices and the internet. The inbuilt firewall within the router checks the connections to and from your devices to make sure that they are not likely to be harmful. It is important to check that your router firewall is turned on and configured in a way that is most beneficial.
If your router firewall is not enabled, a bit like not changing your router's default password, it is the equivalent to leaving your front door wide open. Many devices come from the manufacturer with the firewall switched off.
Activate your ninja - How to change your router's default configuration password
The first thing to do is to open your router's configuration page. To do this, open a new page on your web browser and enter the IP address for your router into the web address bar.
If you do not know your routers IP address, and you are using Windows, go to the Windows Command Prompt by hitting Windows key + R, typing cmd and hitting return. Then when the Command Prompt opens, type ipconfig and press enter. Look for the 'default gateway' address. This is your router's IP address. Type that into your browser – it will be similar in format to 192.168.2.1.
On a Mac, go to System Preferences > Network. Click the active internet connection (the one showing as green). Click on 'Advanced' button to bring up a new window, and select 'TCP/IP' tab. You'll then see the router address on left hand side.
If you can't access your router's configuration page at all, you may need to factory reset it using the button on the router (you might need a paper clip.) This is especially the case if it was used by someone else previously and so may no longer have the default settings.
When you are on your router's webpage, enter your router's username and password when prompted. Again, this may be something as simple as admin and password. That's why you need to change it. If your password is already unique to you, then you don't need to change it. You'll need to find how to change your password. Usually this will be under some kind of 'settings' or 'administration' area of the interface, which is basically like a very simple website.
If you get stuck, do not be afraid to go to trusty Google and ask any questions that you have. E.g., 'How do I change the default password in my (insert internet provider) router?' 'How do I know if I am using Windows or on a Mac?' 'How do I check my (insert internet provider) router firewall?' etc.
Note changing the wireless network password WILL LOSE ACCESS on all your wireless devices and you will need to reconnect them all to the network.
Once you have successfully changed your router's default admin password, congratulations, you have just made your network 100% safer.
Just like learning anything new, cyber security can be broken down into small steps helping you secure your digital information. Businesses of all sizes are at particular risk of cyber-crime and would benefit from working towards a formal certification that helps them implement five core controls to protect them from most cyber-attacks. Cyber Essentials is a Government approved scheme that organisations use to ensure they are on the right track as well as demonstrating to their customers and suppliers that they are serious about cyber security. Find out more about Cyber Essentials Scheme.
Thank you IASME team for the insight. This blog was published on Friday 12th February and is duplicated with permission from IASME. Original publication located at https://iasme.co.uk/cyber-blog/ninja-at-the-gateway-the-secrets-of-your-router/.
- Your business or home router is the device which enables the movement of data between your other devices on your network (printers, laptops, pcs etc) and is the gateway between your network and the internet
- Ensuring your router's security settings are configured correctly can help protect your data
- There is always a risk that keeping the default settings for passwords can affect the security of a device.
- Concise recommend that your router isn't always enough to secure your network fully. A dedicated firewall is needed for better protection.
IASME are a chosen partner of the National Cyber Security Centre (NCSC) and are responsible for Cyber Essentials Certification delivery in the UK. Learn more about IASME.
Concise Technologies have written a blog about the differences between Cyber Essentials and Cyber Essentials Plus.