Router is a network communication device that is used to connect a LAN with LAN, LAN with WAN and WAN with WAN. They are used to facilitate the communication between the IP based networks. Routers are used to connect small to enterprise networks with each other. There are many security threats to a computer network and if a router is not properly configure to deal with those threats that your whole computer network’s security can compromised.
Once a computer network comes under attack by the viruses, hackers, unauthorized users, intruders, malware and spyware then all the connected networks’ security can also be compromised. Network administrators need to harden their network devices such as routes, switches and computers.
Most IT managers and the network administrators do not realize that their routers can be attacked. Router’s operating system (IOS) is as vulnerable to the security threats as network operating systems. Following tips and techniques can be implemented to protect your router from being attacked.
Router Security Tips
- Router should prohibit the access to the unauthorized users.
- Telnet should never been used to manage the remote router unless there is secure communication path.
- Update your router’s operating system.
- Block ICMP ping requests.
- The passwords on the router should be kept in the secure encrypted form.
- Disallow IP directed broadcasts.
- Make access rules for every user.
- Create and maintain the route security policy.
- Implement Access lists and allow only those protocols and services such as TCP/IP and IP addresses that are required by the network users.
- Do not source IP packets with source routing header options enabled.
- Limit the access of the users to the network resources and devices.
- Change the default administrator’s password of the router.
- Shut down un-needed services on the router.
- Restrict the incoming packets with the loop back addresses because these packets can’t be real.
- Block IP multicast if network don’t need it.
- Turn on the logging on the router to log errors messages.
- Disable IP re-directs and IP source routing.
- Disable the HTTP configuration mode if your router has command line configuration options.
- Manually configure ACL as it can provide anti-spoofing protection against attacks.
- Physically secure your router by placing it at a safer place.
- If you are using wireless router disable SSID broadcast, use WEP/WAP encryption techniques and assign static IP addresses to the devices.