Wednesday, February 19, 2014

Fix your home router - and I mean now.

Beyond your PC(s), what is the most insecure item in your home network?  Printer?  Naaah.  iOS device like your iPad?  Naaaah.  Android device?  Tempting but naaaaaah.  Wireless router which acts as your network security for Internet connectivity?  You betcha.

It hit the wire this week that Polish hackers used compromised home routers to stage man-in-the-middle attacks on banks, and I'm not surprised.  In laymens' terms, when you log onto your bank's web site, you let hackers in.  This article outlines the details, some geekspeak included but not too bad.

The real thing here for home users is how do I protect myself?  Here are a few avenues and really folks, it's not that hard.

  1. Update your home router's firmware regularly.  Either check monthly for firmware updates on your vendor's web site or subscribe to their newsletters if they offer some.  Vendors will plug holes for your devices, it falls on you to apply the fixes.  This is by far the easiest way &  does not cost a dime, just schedule it in your smartphone and you should be all set.
  2. If your level of geekhood is up to it, or if you want to take a chance, try an alternative firmware for your router.  What-is-that-thing-you-just-said?  Well for years now communities of hackers (the types who tinker with stuff, not the bad evil ones) have built firmware releases for consumer devices based on Linux.  The most famous/popular one is DD-WRT and if you're willing to follow the steps, the process is fairly easy to go from your stock firmware to the DD-WRT one.  You get a more robust level of security, additional feature and you know what - it's free.   Warning - you can brick your device.
  3. If you have an old PC (say a 1Ghz & up with 512Mb ram, 2 network cards & a small hard drive) you can build your own firewall, but on steroids.  Many flavors exist (Endian, Sophos UTM Home Edition, Smoothwall, Untangle & many others) and what I use is the Sophos one, bear in mind the ones I listed are all good choices.  If you have issues with running Windows 7/8 on a PC stay away from this but if you have the desire to know more, give these packages a whirl.

    Do you have network-based intrusion detection/prevention on your home network?  I do.  I don't have critical data but better safe than sorry.  For WiFi in the house I use a Netgear 3500L with DD-WRT (turn off the DHCP server on the router if you wan to do this otherwise you've got 2 competing).
Netgear & Linksys were the two identified brands, but don't rest easy if you use another brand.  The same problem will happen sooner or later I guess to others.

'hope this helps more than confuses, but if you have questions drop a comment below.

Stay safe!

No comments:

Post a Comment

Please leave a comment - I'll try to moderate and/or answer it within 24hs!