Summary: Your router is your first line defense against malicious attacks from the internet. But is your router secure? I'll review the important settings.
I'd like to know how to clear the history of my Linksys Cisco router. I'd also like to know how I can protect it from hacking and who else besides the people that know my router's WPA code can view browsing history.
•
There are a couple of misconceptions in your question, which I'll clear up in a second.
The more general topic is an important one: how do you make sure that your router is secure? After all, as your firewall it is your first line of defense against malware trying to get at your computer from the internet.
•
First, most routers don't maintain a history, so there's nothing to erase, and nothing for anyone to view. Most routers just ... route. However there are sometimes ways to enable a certain amount of logging, and we'll look at that below.
While the concepts below apply to almost all consumer grade routers, I'll be using my own Linksys BEFSR81 Router, and Linksys WAP54G as examples. You'll need to "translate" the examples to the equivalent settings on your own router or access point.
•
Change The Default Password
If you do nothing else to your router, change the default password now. Change it to be something strong - obscure passwords like "I2tX3ZPz2hMszg" are perfect. (If you don't have a random password generator, GRC's Ultra High Security Password Generator is a great tool.)
The reason for this is simple: every router and access point is shipped with the same default password. For Linksys, if your login is a blank username and a password of "admin", everyone knows it. And anyone can then login to your router and undo any and all of the security steps we're about to take. (There is also malware that takes advantage of the default passwords on routers to make changes without your knowledge.)
Disable Remote Management
"Remote Management" is a feature whereby your router can be administered remotely - in other words from anywhere out on the internet.
While this setting (coupled with a very strong password) might make sense for a handful of people, for most folks there's absolutely no need to administer the router from anywhere but your local machines connected to it. Make sure that remote management setting is off.
Turn Off Logging
OK, more correctly, this is "make sure logging is still turned off", since if a router supports any kind of logging at all, it'll likely be off by default.
Disable the logging, and no information will be kept on the router, or sent to any other machine.
Add a WPA Key
It's time for another password, this time to secure and encrypt your wireless connection.
First: use WPA, not WEP. WEP encryption turns out to be easily crackable.
Second, select a good, secure key/password/passphrase (the terms are roughly interchangeable here). A passphrase generated by the GRC Password Generator would be a good choice. You only need to enter it once here, and once on each machine that is allowed to connect to your wireless network.
Having a strong WPA key ensures that only machines you allow on your network can see your network, your traffic, and your router.
Don't Forget The Physical
All of your routers security settings can be reset in a flash if someone has physical access to the device. Almost all routers have a "reset to factory defaults" mechanism - typically by holding a reset button for a certain amount of time. If someone can walk up to your router and do that, then all the security settings you've just enabled may be instantly erased.
Only you can judge whether or not you need this extra level of physical security, but make sure to consider it.
Related:
-
Change Your Password - No, not that one... You probably need to change a password, but not the one you think.
-
What are these access attempts in my router log? Any device sitting on the internet is subject to a constant stream of "internet background noise". It's why you really want to be behind a firewall.
-
Does sharing a router make me vulnerable to those I share with? Being on the same local network as another machine implies a certain level of trust. Without that trust, additional security steps are called for.
Article C3669 - March 8, 2009
Forgot to mention that it's also good practice to stop broadcasting your SSID.
10-Mar-2009
Don't forget to update the firmware of the router occasionally.
Posted by: Hans Jonson at March 10, 2009 8:32 AMRegarding the original question on CISCO, they do make a home-level router: Zonealarm Z100G which has antivirus, antispyware and a robust firewall BUILT-IN to the hardware. The AV and Antispyware is updated automatically like that on your computer. I have been using the Z100G for a year and it has cut 99% of the spyware and viruses off that I used to get at my computer. Further, it blocks hack attempts at the router rather than letting them flow to my computer for software blocking. (I can see the IP addresses of these hack attempts in the log.) This router acts much like the Enterprise Cisco router most of us are used to using at work.
Posted by: Jim at March 10, 2009 8:37 AMLeo,
I have two Linksys routers, one a standard W54 wireless and one that a Verizon or Sprint aircard plugs into for remote site internet access. From the standpoint to who can access either wirelessly, am I wrong to rely only on router mac address filtering? Logic would suggest the router will only talk to the two laptops whose mac id's are entered into the router table. Greatly appreciate your newletter and expertise...mike
12-Mar-2009
How does one change the password? Where are the controls and settings for the router? Mine is a 2Wire system.
13-Mar-2009
I has a belkin fsd7230-4 model type
and it stopped working after some time
so i got a new router which is cisco wrt54g but how do i know when i search for devices.. which one my new router really is? right now i dont know if im using my routers route or some other routers route.
i just want to use mine and secure it
please inform me what im doing
13-Mar-2009
Verizon FiOS's wireless router uses the WEP type key. Within the "Advanced" settings there appears to be a means to select WPA rather than WEP. Has anyone using FiOS done this successfully? Any glitches or warning? Curious before I go there.
Posted by: Frank L. Doobyus at March 13, 2009 9:27 PMI currently have my FiOS router set up with WPA2. I don't recall offhand how to do it, but it can be done.
Posted by: Jon at March 16, 2009 8:28 AMThe Physical security of routers becomes more
Posted by: mohamad ahmad at March 17, 2009 12:58 PMstronger than now if that resetting button
is removed completely and instead one small electronic Item is added to the hardware of the router and that Items job is to reset the router when it receives a special signal from a key
provided with each router, when key is pressed it sends the required reset signal just as
that used for cars to open and close the doors.
then no one can do resetting unless he has the
key. I don't know why the manufacturers has not
though of that yet.
thanks for your articles.
mohamad ahmad
Using Dlink wireless 615 can I set up router to ask for passphrase each time a client wishes to connect, like after reboot? my laptop see's the router and connects automatically, But I'd like to discourage clients that have had access in past, just being to log on use bandwidth in a conference envirnment.
Posted by: Steven J at October 24, 2009 7:04 AM