top of page
Search
  • Writer's pictureFlagler Technologies

How to Properly Secure Your Business Router

Updated: May 7



When your business's router works properly, you probably don’t give it much thought. You log into your computer, and you have instantaneous access to the Internet. Routers are an absolute necessity for the modern office. However, they can also be a point of access for cybercriminals. 


This article will review common router attacks and give useful tips for better securing your router. If you don’t have a cybersecurity professional in your office, discuss these options with a company that offers managed security services


Five Must-Know Router Attacks 

Before we get into how to better secure your router, it’s helpful for you to know what you’re up against. Here are five of the most common router attacks businesses encounter:


  1. Denial of Service (DOS) – This type of attack does not “hack into” your router. Instead, the goal is to interrupt business operations. The attacker floods the router with Internet Control Message Protocol (packets). This causes the router to quickly become overloaded with bogus requests, which causes it to slow significantly or shut down. 

  2. Packeting Mistreating Attack (PMA) – This is similar to a DOS attack in that the goal is to disrupt operations. The attacker sends packets with malicious code to disrupt the routing processes. The bad code then confuses the router and creates a loop as the malicious data circulates through the network without finding a destination. 

  3. Routing Table Poisoning (RTP) – The routing table receives and transfers information, but many routing tables don’t have the encryption to keep them safe. An attacker injects malicious code (the poison) that disrupts the functionality of the tables. Again, the goal is to slow or stop information operations.

  4. Hit and Run (HAR) – This is an attack that tests the vulnerability of a specific router in the system. They’re called “hit and run” or “test hacks” because the attacker will usually move on to another target if not successful. These attacks are also achieved through code injection, but the goal is to penetrate the network. 

  5. Persistent Attack (PA) – This works like HAR attacks, but instead of ending the attack after a failure, the persistent attacker will continue prodding the system for vulnerabilities with different code packets. 


Importance of Securing Routers in Business and Home Environments 

Hackers and cybercriminals look for weaknesses in networks, data transfer, and physical infrastructure. They don’t need to have multiple avenues of access to sabotage your business or steal your data; they only need one. 


Unfortunately, the number of router vulnerabilities discovered every year is on the rise. Some of these vulnerabilities are discovered by white-hat hackers — cybersecurity professionals working for the government, for the manufacturers, or for private firms — while others are discovered by cybercriminals and foreign agents. That’s why it’s essential for both your business’s and home routers (if you log into the network from home) are as invulnerable as possible.


Common Router Vulnerabilities

The following are some of the most common router vulnerabilities, along with tips as to how to harden your router’s defenses:


  • Unauthorized or Rogue Devices – This occurs when a device logs into your wireless network, either by guessing the login credentials or by some other hack. A regular scan of your network for unauthorized devices can often uncover rogue access points. Boot them off your network and change your password. 

  • Outdated Encryption – Older encryption standards, like WEP and WPA, are vulnerable to hackers. Your wireless router should be running WPA2 or WPA3. 

  • Default Passwords – The first thing you should do when you buy any router is to change the password from the default. Hackers can easily access lists of default passwords. If they know the make of your router and it still has the default password, your network can be easily compromised.

  • Improper Configuration – In addition to creating performance issues, misconfigured devices may be compromised. Follow best practices for device configuration and run software and firmware updates regularly. 

  • Sniffing and Spoofing – Sniffing identifies and captures network traffic, and spoofing impersonates network identities. A virtual private network (VPN) and MAC filtering can go a long way to preventing this type of attack. 


Now that you’re aware of the most common types of router attacks let’s take a look at ways to secure your business router. 


Step-by-Step Guide to Securing Your Router

When you purchase a new router or routers, it’s essential that you set them up properly to help better protect your network. Here are some steps you can take to get a new router:


  1. Change the Password – Make certain you use a difficult-to-guess password. This can be an inconvenience since everyone authorized to access the network will have to log in with the new credentials, but default passwords can be easy to exploit. 

  2. Run Firmware Updates – Most new purchases require a firmware update. These updates often contain security patches for new vulnerabilities. 

  3. Remote Management – If you don’t require remote management for your business operations, it’s better to toggle it off. 

  4. Strong Encryption – Use WAP2 or WAP3 encryption. 

  5. Enable the Firewall – This will block incoming and outgoing traffic. 

  6. Create a Separate Network for Guests – Routers have an option for guest networks. This allows your customers, clients, and vendors to access your wifi without being on your network. 

  7. Set Up MAC Address Filtering – This will allow you to detect unauthorized users. 


Monitoring and maintenance are essential once you’ve set up your router. If you employ a managed security service provider, they will institute protocols to ensure that your routers are secure and any breach is quickly identified and neutralized. 


Advanced Security Features for Business Routers

Routers that are designed for commercial use are often equipped with enhanced security features. While these routers tend to cost more than routers designed for home use, the stakes for a breach are higher. Some of the features that are available in business routers include:


Site-to-Site VPN 

This ensures that all traffic over the internet has end-to-end encryption. If a bad actor intercepts the signal, the encrypted data will be useless.


Automatic Intrusion Prevention System (IPS)

When the system detects an intrusion or suspicious request, it denies access and reports the activity. That way, your IT department or MSSP can analyze the threat and determine if they need to take further action. 


Threat Intelligence Analysis 

Some routers can connect with cloud-based threat-detection services that use AI and sophisticated information sharing to detect unknown threats that have not previously been documented. 


Secure Boot 

This is an additional level of security that prevents tampering with the firmware. 

The preceding are just a few of the enhanced features that business routers offer. For a comprehensive list of these features, contact an experienced MSSP. 


The Role of Managed Security Services in Router Security

Bad actors will seek your greatest point of weakness and try to exploit it. If you don’t have a designated staff member who’s trained in IT security monitoring your router, you should contact an MSSP with extensive cybersecurity experience. Flagler Tech is a managed security service provider that hardens businesses' information defenses. Call us to discuss your cybersecurity needs today. 


16 views

Comments


bottom of page