Your Router's Security Stinks: Here's How to Fix It

[Guest]

Most home Internet routers have serious security flaws, with some so vulnerable to attack they should be thrown out, an expert warns.

Your Router's Security Stinks: Here's How to Fix It : Read more

 

[COLGeek]

Good suggestions. All easy and effective.

In this day and age, there is simply no excuse to not secure a home network. None.

 

[bugmenotplz]

Also heads up if you run shieldsup make sure you are not connected to VPN it will scan VPN ports and by default most ports are open.

So run it while not connected to VPN to get accurate results from your own ports.

 

[velocityg4]

So I guess I should drop at least $500 on a hardware firewall. I'm not to worried. Sure home devices aren't the securest option. However, I get security by obscurity. I'm too insignificant for someone to waste their time hacking into my network. When that time could be spent trying to break into the network of someone far wealthier than me.

I also keep my firmware up to date. My router does not have WPS. My WPA2 password is quite strong as well.

 

[razor512]

Most router companies have long patched the WPS issue, while it is still best to disable it if possible, most routers now will disable WPS automatically after 3 failed attempts.

Most ISP supplied gateways will often have a remote access function that cannot be Disabled, for example the actiontec routers that verizon gives, has a remote access function that listens on port 4567. (the right attack on the remote access can also work to slow the router down or cause it to hang).

There is no need to jump to more commercial grade equipment as the cost will increase significantly (often for slower hardware, e.g., commercial/ enterprise accespoints have not really adopted AC1300 on the 5GHz band yet.

 

[Haravikk]

I just checked my VirginMedia supplied SuperHub 2 (some Netgear fibre-optic gateway/router) and it seems to have pretty good security defaults. The main problem is that WPS did seem to have PIN-based connections enabled by default, however it is possible to turn off PIN authentication only, while still allowing devices to connect using the push-button method (press the button on the router, and do the equivalent on your device), so you don't lose the convenience of automated connection, but someone has to be physically inside your house to do it.

 

[Anomy_]

There is a "Linux based firmware" from a third party that will load into many routers that will increase security if only because many of the security holes aren't written into the software. But it's more than that, many believe the firmware upgrades a consumer WiFy router to that of at least the level of inexpensive commercial.
Plus, my 310 router was glichy and unreliable till I installed the third party firmware that allowed me to turn the power down. The router has been up for 94 days without a hiccup.
Unfortunately unless the firmwares installation instructions are followed explicitly, especially the hard resets, there is a good chance you'll brick the router.
Do there is that.

On another note, if you live in a house you can put the WiFy router in the basement. Being underground really limits the horizontal range but seems to effect vertical very little.

Plus, when remodeling the house and building the garage I ran lan to strategic walls and to the garage, a run of about 175 feet. The garage has its own WiFy (E1000) with the power turned down to ~ 10 watts.