Protected Voices: Router Hardening

Protected Voices: Router Hardening


Did you know there is one device that all
your traffic goes through? Your emails, your web surfing, your smart
refrigerator—they all connect to the Internet through one device: your router. Hi, I’m JR, a special agent with the FBI. I’m here to share some tips to make your
Internet router more secure. Your router may be a standalone device, or
it may be a part of a modem provided by your Internet service provider. You might have more than one router in your
campaign office or home. Protecting your router is just as important
as protecting your computer. If your router is misconfigured or not properly
patched, you have a weak link where bad actors could get into your networks. First, let’s cover how to access your router’s
settings. A common way to access your router’s settings
is to enter the following IP address into your web browser’s address bar while your
computer is connected to the router. Then a login screen will appear in your web
browser with your router’s manufacturer name. Check your router’s user manual or the underside
of your router for the default user name and password to log into your router. Once you’ve logged in to your router, here’s
how to adjust the settings to make your router more secure. Change the router’s default password. The default password is often the word “password.” Other common default passwords are listed
on the Internet where attackers can find them easily. So make your router’s password long and
complex—and watch our video on passwords for further guidance. Frequently check to see if updates are available
for your router—if so, run the update. These updates patch security flaws and protect
against known attacks. Disable all remote access, including cloud-based
router management. This means the only way to adjust your router’s
settings is to be physically connected to your router. Most devices connect to your router wirelessly,
which means you also need to adjust your wireless settings. This will help protect data that’s communicated
through your router without a hard line or cable. Here’s what to adjust on your wireless settings: Your encryption level might be WEP, WPA, or
WPA2. You should only be using WPA2, as that’s
far more secure. If WPA2 is not an option, it’s time for
a new router. Look at the name of your Wi-Fi network, also
called the SSID. Try not to associate your network name with
the campaign. Don’t put your name or your candidate’s
name or your campaign’s name on the name of the network. Don’t put a physical address like “office
201” on the network name. Don’t put the brand of your router in the
network name. Don’t choose a common network name, or your
device might try to automatically join a different network with the same common name while you’re
out and about. A related point: When you’re not at the
campaign office, turn off Wi-Fi on your mobile devices, unless you’re sure you want to
connect to another Wi-Fi network away from the office. Check our video about VPNs for more guidance
on this issue. Create a guest network with a different password,
and limit what information can be accessed on the guest network. Make sure even your guest network uses WPA2
encryption. You might be asking, is all of this really
necessary? Where’s the threat? In May 2018, the FBI published a memorandum
about advanced persistent threat actors using malware to target routers. If your router was infected with this malware,
then here’s what might have happened: Bad actors could watch your Internet traffic
and see or steal your sensitive data. Bad actors could send a simple command to
your router and permanently disable it. Bad actors could use your router to launch
a network attack on another device. Your router is an integral piece of your network
and potentially a single point of compromise for your entire network. The tips we’ve discussed will make your
router safer and will make it harder for bad actors to compromise your information. Remember, your voice matters, so protect it.

Leave a Reply

Your email address will not be published. Required fields are marked *