Tips secure your home router

Hello again. It seems we only have 3 days before the year 2017 ends. With the world moving towards with an awesome technologies and software’s, so does the hacker who getting far advance than they used to be. A hacker can hack (break into) your home network to steal your important information such as your banking information and password, your social media’s information so does your home internet access. Hence, how to overcome this situation? Today, I am going to share some simple tips on securing your home network.

Shall we begin? For this tutorial, I will use an emulator from TP – LINK website.

What is a router?

A router is a small electronic device that joins multiple computer networks together via wired or wireless connection. In network terms (OSI), a router is a layer 3 network gateway device, which operates at the network layer of the OSI model. Router consist of a processor (CPU), RAM, LAN-WAN port and input-output (I / O) interfaces. A router doesn’t need a monitor or a keyboard to operate (configure), instead, it has a pre-loaded operating system that can be done via computer through physical cable. Unlike computer or smartphone’s OS, a router operating system limits the features of the application that can be run on them due to small RAM and average CPU. The operating system was coded into a binary firmware image and commonly known as a “firmware” for routers. By means, maintaining configuration information in a part of memory called the routing table – that can control the incoming and outgoing traffics based on the packets.

Tips Number #1: Chance your admin username and password

When you open your router freshly out of the box, you will power it up. When you key in the standard private IP address for your router which is, 192.168.0.1 or 192.168.1.1, you will be prompted with a web admin interface asking for username and password. By default, the username will be “admin” and the password field will be “blank”. Most of the routers nowadays prompting user to straight away to update their router username and password. It is suggested that, to make your router only can be accessed by you, create a unique username such as “Bella93” and a password that contains more than 8 – 10 characters long (alphanumeric) such as “Bella_940*”. After finishing your standard setup, then wait, don’t log out from your router. There are more things to be done.

If you’re not sure of your router’s private address, you can use this two simple way.

#1 CMD

  1. Open cmd from search icon.
  2. Key in “ipconfig /all”
  3. Find for the word, “Default Gateway”. That is your router’s private IP address.

#2 Using Network Adapter

  1. Click on the network icon on your task-bar
  2. Open network & internet settings
  3. After the Settings interface for the network appear, click on the Ethernet
  4. Click on the “Change adapter option”
  5. Right click on your network adapter (Ethernet or wireless)
  6. Finally, click on the “Details”.
  7. Your default private IP address for your router will be under “IPv4 Default Gateway”
default-gateway-58580fa53df78ce2c39342bb
Router’s private IP address

Tips Number #2: Change your IP address of your router

1
Private IP address: 192.168.0.1 changed to 192.168.0.94

 

Tips Number #3: Change your IP address of your router

2
Disable your WPS

 

Explanation:

Most routers nowadays come with a WPS button located at the back of the router. The real idea is that you can press a button behind the router and a button on the device and both items will pair up and you as a user doesn’t have to do any real setup i.e. entering pins and so on. If your device doesn’t have a WPS button, then the router can be set up so that you just need to type in a PIN into the setup screen for your device to create a connection instead of the long 16 characters WPA and WPA2 password often provided by Reuters. Using a PIN number can be hacked easily. Why? Because it only has an 8 digit number. Perceptibly for a regular person hacking an 8 digit number is going to take some time (maybe a week, a month, even a year!), but the actual process of hacking the WPS PIN of a router is as simple as installing a single piece of software. Nowadays, free software is available for the hackers to hack the PIN easily without even needed to enter much command line to get an access to your home router.

Most hackers out there used Linux to hack a router from the terminal. I would strongly advise do not use your knowledge you gain from my blog for evil purpose. Use the knowledge for the good purpose.

Within Ubuntu (one of the most popular Linux distributions) all you have to do is the following:

  1. Open a terminal window (press ctrl, alt and delete).
  2. Install wifite using the apt-get command (sudo apt-get install wifite)
  3. During the install you will be asked whether you want it to run as root or not, choose “no”
  4. From the command line run wifite (sudo wifite)
  5. A scan will take place and a list of Wi-Fi networks will appear with the following columns:
    • NUM – An identifier which you would enter to choose to hack that network
    • ESSID – The SSID of the network
    • CH – The channel the network is running on
    • ENCR – The type of encyrption
    • POWER – The power (the signal strength)
    • WPS – Is WPS enabled
    • CLIENT – Is anyone connected
  6. What you are looking for are the networks where WPS is set to “Yes”.
  7. Press CTRL and C at the same time
  8. Enter the number (NUM) of the Wi-Fi network you wish to attempt to crack
  9. Wait as wifite does it stuff

Tips Number #4: Change your wireless password

This is the most important part of your home network security. Most of the ISP assigns the phone number or an IC number as the wireless password. This is wrong. Your wireless password can be cracked easily using “brute force”. It can take up to 5 to 6 hours to get an access. It is advisable to use 13 – 20 characters long password.

3
Wireless password sample for 2.4GHz
4
Wireless password sample for 5GHz

I would like to suggest the router manufacturer out there to create a second layer authentication so that only the authorized user able to get a notification if the unwanted device wish to connect to the home network. This is because, not all the time the user will open the apps and view the currently connected device to the router.

Tips Number #5: Avoid MAC address filterting

Each device comes with a unique media access control, also known as MAC address. In general, a router allows any device to connect to it as long as it knows the appropriate passpharase. With MAC address filtering, the router will compare a device’s MAC address against an approved list of MAC addresses, thus allows the device onto the Wi-Fi network if the specific MAC address of the device has been successfully approved. Although it seems logic to enable MAC address filtering (only whitelist the allowed device to use the home network), however, MAC addresses can be easily spoofed in many ways. This means that, an unwanted device can pretend to have an access to the network by having the unique MAC addresses. So how the hacker can spoof the MAC address? Hacker can monitor the Wi-Fi traffic for a second or two, examine the packet to find the MAC address of an allowed device, change their device’s MAC address according to the device in the network, thus, connect in that device place.

However, when the device already connected to a network, how can we spoof the MAC address? It is not logic. Well, you’re wrong.  A “Deauth” or “Deassoc” attack that forces the spoofed device to disconnect from the network and easily allows an attacker to reconnect with the place of the spoofed device. A professional hacker can use a toolset such as Kali in Linux or Wireshark on Windows to eavesdrop on a packet, run a quick command to change their MAC address, use aireplay-ng to send deassociation packets to that client, and then connect in its place. This entire process could easily take less than 30 seconds.

Tips Number #6: Reduce the transmission power

5
Transmit power of the wireless signal

By reducing the transmission power (wireless broadcasting signal), you can reduce the length of the wireless wave in your home. Why you want to give free access to your home network bruh?

Tips Number #7: Firmware Updates

As mentioned in my previous post, firmware update is very important for your router so that any of the bugs present in the current firmware can be solved and some of newly added security features can be used to protect your router. When the router manufacturer finds a security hole, they solve the holes by issuing a new firmware (updated firmware) for the router. If you’re an IT person or expert in networking stuffs, then you can browse through the internet whether your current router does support third party firmware such as DDWRT, Tomato, Padavan, Asus-merlin or OpenWRT. The third party firmwares completely erase the manufacturer’s firmware on the router, but can provide a slew of new features or smoother experience compared to the original firmware.

Tips Number #8: Disable Guest Network

Although guest network doesn’t allow your guest’s device to access into your home intranet, however, it can be dangerous. So turn off the Guest Network. Not all the time, our neighbors or relatives stay in our house. So there is no reason to turn on the Guest Network.

Tips Number #9: Enable the firewall

Most of the commercial router has built-in firewall. The function of the firewall is to protect your internal network against outside (hackers) attacks. Activate it if it’s not automatic. As an example, SPI firewall or NAT. According to my own research, an SPI (stateful packet inspection) or NAT (network address translation) can be an extra function to protect your home network. Some routers such as TP-LINK C3150 has its own built in Trend Micro antivirus that protect any harmful events to occur in your router.

Tips Number #10: Do not share your internet package you’re using and your password to anyone

This is the most easiest tips. Your home network security begins with your responsibility of not sharing what internet package you’re currently using or passwords of your SSID.


For paid product review, do reach us at officialtechcyn@gmail.com or send your message here. Please do like and share our blog and page as your support to us.


Do subscribe us on our YouTube channel: TechCyn.

Facebook
Twitter
Instagram

Thank you.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s