- 29 Mar 2023
Router Hardening
- Updated on 29 Mar 2023
About this Guide
BlackCloak will work with you on router hardening during your onboarding session or in a scheduled session at any time. This guide is intended to be educational, so that you understand what we are doing when we harden your router with you. It also allows you to do so yourself in the future if you are ever so inclined.
What is the Purpose of Router Hardening?
Router hardening secures the router against attacks as well as possible in order to keep your home network safe. Depending on your router, the administrative console can be accessed either via a web page or a mobile app.
➔ What BlackCloak Checks For:
- Is your router using default credentials?
- Are you using a guest network?
- Are your Wireless Protocol settings set to the highest level of security?
- Are there any unknown or unwanted devices connected to the Home Network?
- Are you using a default SSID?
- Have the Logs been enabled on the home router?
- Is the router firmware up-to-date?
- Has WPS been disabled?
Router Password
Start off by navigating to the router’s administrative console. This is typically a web-based interface; however, certain router models are only accessible via a mobile app.
Many routers come with default administrator passwords, and attackers constantly try to break into devices using these publicly known credentials. When you connect to the router’s management interface for the first time through your browser, the address should be the router’s default IP address, found on its bottom sticker or in the set-up guide.
Use a Guest Network
The primary advantage of deploying a guest network is the increased security it offers. By segregating the network in this manner, you can control who has access to your network of computers, servers, storage appliances, and printers. This is crucial, especially when you work from home, since sophisticated Trojans and malware can use a visitor’s laptop or mobile device as a launch pad to probe or attack machines on your network.
Wireless Protocol Setting
This security setting defines the type of authentication and encryption used by your router, and the level of privacy protection for data transmitted over the network. Whichever level of security is chosen, always set a strong password. WPA3/2 are the most common settings and offer compatibility with most devices regardless of age.
Connected Devices
Checking your router for currently connected devices lets you determine whether there are any unknown or unwanted devices connected to your home network. Look in your router’s web interface for a link or button named Attached Devices, Connected Devices, or DHCP Clients. You may find this on the Wi-Fi configuration page or on a status page. On some routers, the list of connected devices is shown on the main status page to save you some clicks.
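The comparison described above can be automated once the client list is copied out of the router's page. The following is an added example, not BlackCloak's own tooling; the inventory, the MAC addresses and the table layout are constructed for illustration. It goes slightly beyond the text by flagging randomized (locally administered) MAC addresses, which phones and laptops use for private Wi-Fi addressing and which may not match an inventory built from hardware addresses.

```python
import re

# Constructed inventory of devices the household owns (hypothetical MAC).
KNOWN_DEVICES = {
    "3c:22:fb:10:20:30": "Work laptop",
}

# Constructed "DHCP Clients" table (hostname, IP, MAC); real layouts vary.
SAMPLE_CLIENT_LIST = """\
work-laptop   192.168.1.20  3C-22-FB-10-20-30
*             192.168.1.37  DA:A1:19:4F:5E:6D
ESP_7731      192.168.1.44  84:0d:8e:77:31:00
"""

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")


def normalize_mac(mac):
    """Lower-case, colon-separated form so different notations compare equal."""
    return mac.lower().replace("-", ":")


def is_randomized(mac):
    """True if the locally administered bit (0x02, first octet) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def review_clients(client_list, known):
    """Return (mac, hostname, verdict) for every row that contains a MAC."""
    known = {normalize_mac(m): name for m, name in known.items()}
    results = []
    for line in client_list.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group(1))
        if mac in known:
            verdict = "known: " + known[mac]
        elif is_randomized(mac):
            verdict = "unverified: randomized MAC, identify the device by hand"
        else:
            verdict = "unknown: not in inventory"
        results.append((mac, line.split()[0], verdict))
    return results


for row in review_clients(SAMPLE_CLIENT_LIST, KNOWN_DEVICES):
    print(*row, sep="  ")
```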
Changing the SSID
The Wi-Fi network name, or SSID (service set identifier), is the name your network uses to advertise its presence to other devices. It's also the name that nearby users see on their device's list of available networks.
Use a name that's unique to your network, and make sure that all routers on your network use the same name for every band they support. For example, don't use common names or default names such as linksys, netgear, dlink, wireless, or 2wire, and don't give your 2.4GHz and 5GHz bands different names.
If you don't follow this guidance, devices might not connect reliably to your network, to all routers on your network, or to all available bands of your routers. Additionally, devices that join your network are more likely to encounter other networks that have the same name, and then automatically try to connect to them.
Enable Logging
Logging is crucial for analyzing if and when any suspicious or unknown activity occurs in the data traveling through the router. With logging enabled, security experts are able to see the actions and behavior associated with a malicious threat actor's intent.
Check for Updates
If possible, set your router to automatically install software and firmware updates as they become available. Firmware updates can affect the security settings available to you, and they deliver other important improvements to the stability, performance, and security of your router.
WPS Disabled
This is a rarely used feature designed to help users set up Wi-Fi networks more easily, typically by using a PIN printed on a sticker. Years ago, a serious vulnerability was found in many vendor implementations of WPS that allows hackers to break into networks. Because it's hard to determine which specific router models and firmware versions are vulnerable, it's best to simply turn off this feature if possible. Instead, you can connect to the router’s web-based management interface to configure Wi-Fi with WPA2 and a custom password, with no WPS needed.