Securing your router

Making your router more secure.

The popularity of Linksys/Cisco routers can make them targets of malicious hackers.  By following a few easy steps you can harden your Linksys router against potential intruders.  Unfortunately, cyber attacks are becoming more common place as groups try to mount large DOS attacks on sites for ransom.  These attacks are only possible if staged from thousands of endpoints under their control, so more and more efforts are being used to find open networks to access.  These efforts begin as scans looking for targets whose  defenses are easy or have been compromised by Trojan malware. 

In any event good network practices including virus and security software are essential,  but in many cases the router sitting as the gateway device is overlooked and intruders know this.  The following suggestions are simple to configure and will add additional security to any potential  threats.  Most of these suggestions can and will be applicable for most SOHO routers.  These suggestions are not full proof and even if enacted cannot be a total defense against Trojans and other malicious Malware.   One good suggestion to live by is "if your computer or network just seems like things aren't right, maybe they aren't".  So take a few minutes and log into your router and make some basic common sense changes.  Here are a few easy configurations on your Linksys router to make your network more secure.

Easy steps to lock down your Linksys router. 

• First log into your router and Change the Default Password.  Use a password that is harder to crack than using just a lowercase word.  Add some digits, an uppercase letter and even a symbol for extra password strength.
• Your Linksys/Cisco router has a setting to Block WAN Requests or Anonymous Internet Requests from the outside. It may be disabled by default and you should keep this setting enabled because it hides your IP address and is designed to prevent intruders from attacking through the Internet. When it is Enabled, the router will drop both the unaccepted TCP request and ICMP packets coming from the Internet. The hacker will not find your router by pinging the Internet IP address.
• Change the IP address of the router itself.  The default IP address of popular routers will be the first IP address scanned.  Changing that address adds just another layer of complexity for a potential hacker. 

Since most threats that we are discussing come from the outside, when changing the password and IP address of your router, we suggest that you write it down on a piece of paper and tape it to the bottom of the router.

Additional steps to harden Linksys routers.

• Make sure to Disable Remote Administration, which on some routers is already turned off by default.
• Allow for only enough private IP addresses as needed.  If you have three computers, one networked printer, 1 IP phone and an ATA then 6 DHCP addresses would be sufficient to give each device an IP address.  
• Some routers have settings that disable Internet access during certain preset time schedules.  If your router does not, than an additional measure of security would be to keep your networked PCs off during evening hours.

Keeping your network and PCs clean of Malware and other intrusive applications should keep your available resources (bandwidth, etc.) for your devices, including VoIP.  VoIP connections are dependant on quality connections and in many cases this quality starts right on your own private network.