We’ve all heard the advice to keep your computer updated, but what about your router? This essential network device controls access to the Internet, but many contain flaws that can be hijacked to spy on your activities and unleash attacks on Internet servers.
Updating the router is not necessarily the first thing a consumer thinks about when experiencing computer problems. A slow network could just be a slow network … or it could indicate that your router has been commandeered by someone else. Hackers use automated tools to exploit vulnerabilities in routers, gathering them into so-called “botnets” that unleash massive attacks upon larger systems.
Just recently a botnet was discovered consisting of 100,000 home and small office routers from a wide variety of manufacturers. The botnet had been running for more than five years and was used to send spam and malicious links. Many of those who owned the routers had no idea that their devices had been commandeered.
Routers contain built-in software that can be exploited, just as computer software can. Because your router connects you to the Internet, a compromise can expose all of the other devices on your network to malware and other threats. It can also be used to spy on everything you do on your network, revealing credit card numbers, passwords, the works.
But most consumers don’t know how to update their routers. Worse, some routers have flaws that manufacturers have chosen not to fix. It’s important to evaluate your router on a regular basis, either updating it to the latest version of its built-in software (called “firmware”), or replacing it if it cannot be updated. Check your manufacturer’s support site for details on updating your router. It’s also a good idea to do a web search on your router’s manufacturer and model to see if there are any known issues and whether they have been fixed.
If you need to replace your router, select a new model that contains the latest fixes. Avoid using old models that cannot be updated or contain known flaws. Look for routers that make it easy for non-tech-savvy consumers to change the settings, and that provide detailed security advice on their support sites.
Whether you are updating or replacing your router, you should also check the settings. Always change the default password, because that’s the first thing a hacker is going to try. Likewise, the default settings on most routers provide inadequate protection.
Where possible, turn off nonessential services like Universal Plug and Play (UPnP), WiFi Protected Setup (WPS), and remote administration. Your manufacturer’s site can tell you how to do this. Use strong encryption for wireless connections. Change the wireless network name to something besides the default, but that does not identify you.
If you lease your router from your Internet provider, contact them for details on how to tighten up the security. Some people have a separate router that connects to a modem and then to the Internet, whereas others have a router/modem combo. If you purchase your own router, you’ll get better support from your Internet provider if you select a router from their list of supported devices.
• Triona Guidry is a computer specialist and freelance writer. Her Tech Tips blog www.guidryconsulting.com/techtips offers tech support advice for Windows and Mac.