Helping people with computers... one answer at a time.
Your router is your first line of defense against malicious attacks from the internet. But is your router secure? I'll review the important settings.
I'd like to know how to clear the history of my Linksys Cisco router. I'd also like to know how I can protect it from hacking and who else besides the people that know my router's WPA code can view browsing history.
•
There are a couple of misconceptions in your question, which I'll clear up in a second.
The more general topic is an important one: how do you make sure that your router is secure? After all, as your firewall it is your first line of defense against malware trying to get at your computer from the internet.
You'll want to make sure there aren't big gaping holes.
And sadly, by default, there are.
•
First, most routers don't maintain a history, so there's nothing to erase, and nothing for anyone to view. Most routers just ... route. However there are sometimes ways to enable a certain amount of logging, and we'll look at that below.
While the concepts below apply to almost all consumer grade routers, I'll be using my own LinkSys BEFSR81 Router, and LinkSys WAP54G as examples. You'll need to "translate" the examples to the equivalent settings on your own router or access point.
If you do nothing else to your router, change the default password now. Change it to be something strong - obscure passwords like "I2tX3ZPz2hMszg" are perfect. (If you don't have a random password generator, GRC's Ultra High Security Password Generator is a great tool.)

The reason for this is simple: this is a gaping security hole.
Every router and access point is shipped with the same default password. For LinkSys, if your login is a blank username and a password of "admin", everyone knows it. And anyone can then login to your router and undo any and all of the security steps we're about to take. There is also now malware that takes advantage of the default passwords on routers to make changes without your knowledge.
"Remote Management" is a feature whereby your router can be administered remotely - in other words from anywhere out on the internet.


While this setting (coupled with a very strong password) might make sense for a handful of people, for most folks there's absolutely no need to administer the router from anywhere but the local machines connected to it. Make sure that remote management setting is off.
OK, more correctly, this is "make sure logging is still turned off", since if a router supports any kind of logging at all, it'll likely be off by default.

Disable the logging, and no information will be kept on the router, or sent to any other machine.
Universal Plug and Play (UPnP) is a technology that allows software running on your machine to perform services like port forwarding without your having to go in and configure the router manually.
It seems like a good idea, right?
Turn it off.

It turns out that malware can also be UPnP aware, and can make all sorts of malicious changes to your router without your being involved or aware.
(Note: UPnP is unrelated to Windows Plug and Play hardware detection; it's just another unfortunate collision of similar names.)
It's time for another password, this time to secure and encrypt your wireless connection.

First: use WPA, preferably WPA2, not WEP. WEP encryption turns out to be easily crackable.
Second, select a good, secure key/password/passphrase (the terms are roughly interchangeable here). A passphrase generated by the GRC Password Generator would be a good choice. You only need to enter it once here, and once on each machine that is allowed to connect to your wireless network.
Having a strong WPA key ensures that only machines you allow on your network can see your network, your traffic, and your router.
All of your routers security settings can be reset in a flash if someone has physical access to the device. Almost all routers have a "reset to factory defaults" mechanism - typically by holding a reset button for a certain amount of time. If someone can walk up to your router and do that, then all the security settings you've just enabled may be instantly erased.
Only you can judge whether or not you need this extra level of physical security, but make sure to consider it.
(This is an update to an article originally published March 8, 2009.)
Article C3669 - December 16, 2010
Here's a nice writeup on logging on Netgear routers:
http://kb.netgear.com/app/answers/detail/a_id/1014/~/using-netgear-router-logs
They start out: "Router log features vary by model. Advanced, business-oriented routers such as the FVS328 have extensive logging features, such as monitoring for specific types of attack, and reporting to a security monitoring program. Home routers such as the WGR614 and WGT624 only have only basic features such as router reboots, and reporting when people go to sites that you blocked."
Posted by: Bob in upstate NY at December 21, 2010 10:26 AMI had a Linksys router too, but recently got a Netgear router. What I liked about this router is that besides the security wpa2 password security, it blocks also any other connections except those that have an approved Max address. Together both those items blocks all the non authorized connections. It also is far easier to setup.
Posted by: Paul at December 21, 2010 10:37 AMA good tip to add to this is to only access the router via https - I have a Cradlepoint and a Linksis and both have the setting for that, usually under admin. That way when you send your password over the internet it is secured. In the case of the craddlepoint I have to physically type https in the browser - the linksys pulls it up automatically...
Posted by: Sandy Smith at December 21, 2010 11:23 AMWhether you should broadcast your SSID has been hotly debated. After much reading/research in this area I broadcast mine. Here is some interesting reading on it...
http://technet.microsoft.com/en-us/library/bb726942.aspx
Posted by: Sandy at December 21, 2010 3:22 PMwhere do i find these screens?
13-Oct-2011
Posted by: ron at October 13, 2011 10:27 AM