Your Router Could Be a Linux Security Risk

Posted by Norma Stratton on

Your Router Could Be a Linux Security Risk

We all want to be confident that our networks are secure, but it might come as a surprise that the biggest threat to your security might actually be your router.

A recently published report has revealed that many popular home routers possess a number of vulnerabilities that create weak points in your network security. Many these routers never receive firmware updates over the course of their lifetime, leaving you vulnerable to hundreds of known security issues.

These gaps in your security can lead to compromises of personal information, which in turn can lead to additional issues such as fraud, identity theft, and more. Once compromised, your router can act as a launchpad for attacks on other network devices.

Linux Security Risk

Routers from several brands, including Netgear, ASUS, D-Link, Linksys and others were examined for the study. In all, 127 routers were tested, with 46 of them having not received any form of security update during the preceding 12 months, and one set of products having not received a firmware update in more than five years. The report noted that “numerous routers have passwords that are either well known or simple to crack—or else they have hard-coded credentials that users cannot change.”

Additionally, the report found that 90% of the routers operated on some form of Linux, but the manufacturers were not applying updates and fixes, resulting in increased vulnerability.

What Can you Do to Improve Security?

To begin with, you may want to change your router.

According to independent computer consultant Michael Horowitz, “If a router is sold at [a well-known retail electronics chain], you don't want to buy it. If your router is given to you by your internet service provider [ISP], you don't want to use it either, because they give away millions of them, and that makes them a prime target both for spy agencies and bad guys.” Horowitz recommended upgrading to commercial routers made for small businesses.

Horowitz also recommends ensuring that the router and cable modem are separate devices. ISPs often lease a single box, but it should be possible to contact them and have them provide just the modem, to which you can add your own router – ideally a low-end commercial-grade Wi-Fi/ Ethernet router. Whatever you choose for a router, however, there are some additional steps that you can take:

  • Change your Administrative Credentials. Do not use the default username and password, as an attacker will try them first. Make a long, strong password that does not resemble the default.
  • Change the Network Name. Give it a unique name but be sure that it is not one that can be used to identify you.
  • Turn on Automatic Firmware Updates. If they are available. This should not be an issue for newer routers, which will automatically update the router firmware.
  • Enable WPA2 Wireless Encryption. If your router can only support the WEP standard, look into a new router.
  • Enable the WPA3 Encryption Standard. Presently, few routers and client devices support it, but if the option is available, enable it.
  • Use a Guest Wi-Fi Network.If available on your router. This can be shared with guests and set on a timer to shut off automatically.

These are some of the simpler approaches to keeping your network secure—steps well worth taking for the protection and peace of mind that they can provide. 

 

Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense.

You can access my Free Ebook=> “WHAT’S AT STAKE FOR YOUR BUSINESS?” 

So, if you’re ready to put the right security in place. Contact me, I have traveled the globe Identifying security threats in Companies. I can help give your business a peace of mind as you move into the digital revolution. There’s no risk to talk with us about your business and you can stop the process any time.  But if you let us look under the hood, we’ll help you discover any potential problems before they impact your business or take your data. If everything looks good, we’ll tell you. However, if we discover symptoms of a growing threat, we’ll help you check them out to make sure you’re not exposed to catastrophic failure.

 To Learn More About Cyber Security => Safe Harbour.