Wednesday, April 15, 2009

Securing Router

According to DroneBL, a recent botnet worm called "psyb0t" has been infecting routers connected to the Internet.

Your router is only vulnerable if:
  1. Your router is a mipsel device (MIPS running in little-endian mode, which is what the worm is compiled for).
  2. Your router also has telnet, SSH or web-based interfaces available to the WAN, and
  3. Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.
To mitigate the above risks, look for the following features when choosing a router:
  1. disable remote management
  2. change password
  3. upgradeable firmware
Other important features are:
  1. change SSID
  2. MAC address filtering
  3. Stateful Packet Inspection (SPI) firewall. Run a ShieldsUP test for Common Ports and All Service Ports to check that all ports show as stealth
  4. disable DHCP if unnecessary
  5. disable UPnP if unnecessary
  6. change DNS servers to OpenDNS
Other good-to-have features are:
  1. Block ping from WAN
  2. restrict to 802.11g mode only if all your devices can support it
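
A way to check condition 2 yourself, as an added example that is not part of the original post: it probes the telnet, SSH and web ports on your own router's WAN address and reports each as open, closed or stealth, the same distinction ShieldsUP draws. The port numbers are the standard defaults and the function names are chosen for this example; run it from a host outside your LAN, since results from inside may not reflect what the WAN side sees.

```python
import socket
import sys

# Management services the post lists under condition 2, on their standard
# default ports (assumed here; firmware may move them).
MGMT_PORTS = {"telnet": 23, "ssh": 22, "http": 80}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'stealth' or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"    # host answered with a reset
    except socket.timeout:
        return "stealth"   # no reply at all: packet silently dropped
    except OSError:
        return "error"     # e.g. no route to host; result is inconclusive
    finally:
        sock.close()


def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Return {service: state} for every management port on host."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def exposed(results):
    """Services that accepted a connection and should be closed to the WAN."""
    return sorted(name for name, state in results.items() if state == "open")


if __name__ == "__main__":
    results = audit(sys.argv[1])  # argument: your own router's WAN address
    for name, state in results.items():
        print(f"{name:<7}{MGMT_PORTS[name]:>5}  {state}")
    if exposed(results):
        print("Disable remote management for:", ", ".join(exposed(results)))
```

Any service reported as open is reachable from wherever the script ran; with remote management disabled, all three should come back closed or stealth.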
