Connect with us

Expert Speak

How to Secure Your Router?

Published

on

Written by Tomas Foltyn, Security Writer at ESET

How do you secure your network? For the most part, this honor goes to the one device that talks to all of your home’s internet-connected devices: your router. This humble gadget may not store any of your personal data, but with all that traffic flying through it, taking good care of this network workhorse should be a key component of your security culture. And yet, we usually ignore security concerns that have to do with our routers.

Tomas Foltyn, Security Writer at ESET.

In our technology-dependent era, one such little black box is central to any home network (okay, many routers are neither black nor boxes, but we won’t let that distract us, will we?). In fact, chances are your router doubles as a modem, or even the other way round, especially if it was supplied to you by your internet service provider (ISP). Of course, a consumer-grade router typically comes with an in-built wireless access point (WAP), so that we don’t trip over cables. Regardless of your setup, the router is integral to the security of your network.

For all the magic it can do, a typical router is normally forgotten as soon as it begins to fulfil its only obvious purpose – connecting our home to the internet. Devoid of even a speck of glamor and hidden in a corner or on the uppermost shelf, this device quietly does its thing, never attracting your attention unless something goes wrong with your internet connection. Which may prompt the question:

Why care about routers, anyway?
Simply put, a poorly secured router can put all devices on your network at the mercy of attackers. That is no hyperbole. The threats run the gamut, and a hacked router can:

And that is by no means an exhaustive list.

To harden your router and stay safe from hacker shenanigans, you need to access and properly configure the device’s settings. This may seem to be a daunting task, but that may only be due to fear of the unknown. For most, basic remedies are not, by any means, an ordeal, and they’re enough to greatly improve the security of your router.

Your router’s admin settings can usually be accessed wirelessly by typing the router’s IP address into any web browser’s URL bar (the IP address is often 192.168.1.1 or 192.168.0.1, but check the label on your device or look up the address on Google). Arguably, a better way is to connect that long-forgotten thing, probably cloaked in a thick layer of dust, to your laptop via an Ethernet cable and only then type the IP address. In many cases, you can even reach the settings via a dedicated smartphone app.

There are a few sine quibus non – beyond having a firewall turned on, of course – for a hardened router.

Ditch the defaults
Here, we can safely pick up from where we left off last week: Passwords invariably come into play when it comes to keeping your network safe and secure, doubly so when Wi-Fi connections are thrown into the mix. Out of all settings that come pre-configured for you from the manufacturer, the password to access the router’s admin interface is the first thing you should replace with a strong and unique password or passphrase. Also, if possible, pick a non-generic username instead of the default one, which commonly in this case is one of these five options: ‘admin’, ‘administrator’, ‘root’, ‘user’, and no username at all.

Besides reducing cost for the manufacturers, these and some other default configurations are intended to ease set-up and remote troubleshooting. However, the convenience factor is apt to cause trouble in that, for example, the login details are often glaringly obvious and shared across router models, and even entire brands. Indeed, the logins are there for the taking for anybody who can spare a minute searching on Google, or even less than that: suffice it to try one such absurdly easy-to-guess username/password combination (in the vein of ‘admin/password’) and it may very well work on a poorly configured router. In fact, ESET’s test on 12,000 home routers in 2016 found that one in seven such routers used “common default usernames and passwords, as well as some frequently used combinations”.

With routers that permit wireless connectivity (which is the case with pretty much all consumer routers these days), the brand and model may be given away by the default name of your wireless network. Change that name, aka Service Set Identifier (SSID), to something that doesn’t identify you or your location. You can also stop the SSID from being broadcast, but be aware that a snoop with even a modicum of technical chops will be able to sniff it out easily anyway.

Also often enabled by default is a feature called Wi-Fi Protected Setup (WPS), which was originally intended to help bring new devices onto a network. However, due to a flaw in its implementation that relies on registrar PIN numbers and that makes the number easily crackable, WPS can be easily subverted. Ultimately, this sets the stage for attacks at your wireless password, aka pre-shared key (PSK).

Another feature that is often enabled by default on routers and that poses a significant security risk is Universal Plug and Play (UPnP). Unless you’re sure you need UPnP, which is intended to enable frictionless communication between networked devices but lacks any authentication mechanism, you should turn it off. Indeed, shut down any protocols and block any ports that aren’t needed, as that will reduce the attack surface on your network.

Keep snoopers at bay
When it comes to Wi-Fi passwords (and, thus, controlling who can actually access your wireless network), this is your chance to be creative. You can go up to 63 characters, but, in fairness, that shouldn’t really be necessary.  That said, make sure your password or passphrase is long and complex, so that it can withstand brute-force attacks where never-do-wells take countless stabs at a password in a bid to arrive at the right one. Of course, it must also be different from all your other login credentials, including the one you use to access the router’s admin console.

You also need to specify a security protocol for your wireless connection. There’s not much of a choice here, and the only option worth recommending is WPA2, short for ‘Wi-Fi Protected Access 2’. For homes, WPA2’s best flavor is its personal mode (WPA2-Personal aka WPA2-PSK) and underpinned by AES encryption, which is, for all intents and purposes, uncrackable with today’s computing resources. Robust over-the-air encryption scrambles all data as it travels between a Wi-Fi-connected device and a router, ensuring that a snoop cannot simply read it even if they somehow get their hands on the data.

There are two older Wi-Fi security modes that may still be available on your router – WPA’s first iteration, simply called WPA, and the truly ancient Wired Equivalent Privacy (WEP). However, there’s no reason to use either of them, especially the easily hackable WEP, as WPA2 has been mandatory on all Wi-Fi Alliance certified hardware since as far back as back 2006.

Of course, some of us are eagerly awaiting the arrival of WPA3-enabled networking hardware on the market. Since this new security standard is set to usher in several major improvements for wireless security, including better defense against password-guessing attacks, it really can’t come soon enough.

Update, update!
At heart, routers are computers, so their operating systems, embedded as firmware, need to be updated for security vulnerabilities. Indeed, routers are notorious for being riddled with security loopholes mainly due to their running outdated firmware, which is commonly because we, the router owners, never install such updates. This makes things so much easier for attackers, as many incursions are facilitated by simple scans for routers with known security holes.

To check if your router’s firmware is up-to-date, navigate to the device’s admin panel. Unless you own a modern router that updates itself automatically or alerts you to new firmware versions, you will need to visit the vendor’s website and check whether an update is available. If it is, well, you’ll know what to do. This is not a one-time task, however, so be sure to check for new updates regularly, at least several times a year.

It’s entirely possible that, because the router’s maker has stopped issuing updates for your device, there may actually be no updates to be installed. This can happen especially with older routers, in which case you’re best off simply buying a newer one.

At any rate, there’s another reward for upgrading your firmware: Beyond updates to fix vulnerabilities, the new firmware version may also include performance improvements and new features, including those that have to do with its security mechanisms.

Bonus tips
What else can you do, and with a minimal hassle factor, of course? Here are a few more quick tips:

Any router should enable you to create several networks, which is particularly handy with easily hackable Internet-of-Things (IoT) devices. If your home is ‘smart’, consider quarantining all that IoT tech in a segregated network, so that its vulnerabilities cannot be exploited to access the data on your computer, smartphone, or storage devices. You can also set up a separate network for your children and their gizmos.

Similarly, consider setting up a separate network for guests. That way, you only share your internet connection, not your network, and prevent the risk of malware from their devices jumping over to your digital assets in what is just one possible scenario how a guest can, however unknowingly, compromise your network.

It’s also good to disable remote management for your router to reduce the odds of attackers tampering with it from anywhere in the world, for example by exploiting a vulnerability. That way, physical access to your router will be required to make any changes to its settings.

Conclusion
There is far more to router security than what we touched on in this article. However, even tweaking a few settings in the ‘glue’ that holds all of your internet-enabled devices together will go a long way toward bolstering your overall security. The ‘benign neglect’ with which we usually treat our routers can turn out to be very damaging.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Apps

Is Apple’s New ‘NameDrop’ Feature a Cause for Parental Concern?

Published

on

In the ever-evolving landscape of technology, Apple’s new iOS 17 update has introduced a feature that’s sparking a mix of curiosity and concern: NameDrop. This functionality allows users to share contact information with others seamlessly, but it’s not without its set of caveats and considerations.

At the core of the apprehension is the proximity-based nature of NameDrop. For the feature to work, both devices must have iOS 17 installed, be unlocked, and be in close physical proximity – a touch is required to initiate the contact transfer. The user experience involves a swift interaction, prompting a screen at the top of the device with options to “receive only” or “share.”

The need for consent is emphasised in this process. Both users must actively participate in the transfer, acknowledging and approving the exchange of contact information. This deliberate approach is aimed at ensuring that the sharing of personal data is a conscious and intentional act.

However, the rollout of NameDrop has not been without its share of concerns, particularly among parents and law enforcement agencies. Police departments across the United States have issued warnings, urging parents to manually disable the feature on their children’s devices. The fear, it seems, is rooted in the potential for unintended consequences, especially considering the close physical interaction required.

Is it wise to err on the side of caution and turn off NameDrop? Perhaps. Is it time to hit the panic button? Not necessarily, according to experts in the field. In a report by The Washington Post, Chester Wisniewski, a digital security expert at Sophos, dismisses the concerns surrounding NameDrop as “hysteria” and “nonsense.” He suggests that Apple has implemented safeguards to prevent inadvertent information sharing.

One key aspect that should offer reassurance is the need for mutual consent and the deliberate physical proximity required for the feature to activate. The intentionality of this process is to eliminate the risk of accidental data exchanges, putting control firmly in the hands of the users.

As with any technological advancement, understanding and awareness play pivotal roles in ensuring a positive user experience. Educating users, especially parents and guardians, about the intricacies of NameDrop can empower them to make informed decisions about its use. Apple, being at the forefront of user privacy and security, is likely to continue refining and enhancing the feature based on user feedback and evolving security standards.

While the warnings from law enforcement underscore the importance of vigilance, it is crucial to approach the situation with a balanced perspective. The benefits of a feature like NameDrop, enabling seamless contact sharing in a world where connectivity is key, should not be overshadowed by fear.

Apple’s NameDrop feature introduces a novel way of sharing contact information, but its success hinges on user awareness and responsible usage. As technology continues to evolve, so too will the safeguards and features aimed at ensuring a secure and positive user experience. By staying informed and engaged, users can navigate the landscape of advancements like NameDrop with confidence.

Continue Reading

Expert Speak

Password Management: Creating, Storing, and Managing Secure Passwords

Published

on

Navigating the complexities of online security begins with effective password management. This article aims to provide practical advice on creating, storing, and managing passwords, ensuring your digital safety with an approach that is both informative and user-friendly.

Crafting Unbreakable Passwords: A Practical Approach
Creating a strong password is more than a security step; it’s a necessity in today’s digital world. Follow these guidelines to enhance your security:

  • Length Matters: Passwords should be at least 16 characters long. A study by Carnegie Mellon University found that longer passwords significantly reduce the risk of hacking.
  • Complexity is Key: Combine different character types for a robust password. Use a blend of upper and lower case letters, numbers, and symbols.
  • Memorable Phrases: Create passwords using unusual phrases or sentences. Think “VanGoghStarry1Night!” instead of “Password123”.

The Importance of Diversifying Passwords
Using the same password for multiple accounts is like having one key for every lock. Diversify your passwords to ensure that a breach in one account doesn’t jeopardize others. According to a report by Verizon, 80% of hacking-related breaches are due to weak or stolen passwords.

Multi-Factor Authentication (MFA): Your Safety Net
Incorporating MFA can significantly increase your account security. This method, which often involves receiving a code on your mobile device, adds an extra layer of protection.

Personal Information: The Password Pitfall
Avoid using easily guessable personal information in your passwords. Cybersecurity experts warn that personal details are often exploited by hackers.

Password Managers: The Organizational Tool
A password manager is a secure and practical way to store and manage passwords. These tools also help in generating strong passwords. Consider options like LastPass, KeePass, or Keeper, based on your personal preference and needs.

Regular Updates: Key to Continuous Protection
Regularly updating your passwords can dramatically reduce your vulnerability to cyber attacks. Cybersecurity experts recommend changing passwords every three to six months.

Stay Informed: Your Best Defense
Staying updated with the latest cybersecurity trends and threats is essential. Never share your passwords, and always be alert to phishing attempts.

Embracing Secure Password Recovery Methods
Secure Password Recovery: It’s essential to establish secure methods for password recovery. Cybersecurity experts advise against using easily guessable security questions. Instead, opt for two-factor authentication or a secondary email for recovery. According to a report by Google, this simple step can prevent 100% of automated attacks.

The Role of Biometrics in Password Security
Biometrics Integration: The use of biometrics (like fingerprint or facial recognition) in conjunction with traditional passwords is becoming increasingly popular. This method, known as biometric authentication, adds an extra layer of security. A study by the University of Michigan showed that biometrics could reduce the time spent on password entry by 78%, enhancing both security and convenience.

Navigating Public Wi-Fi and Password Safety
Public Wi-Fi Risks: Be cautious when entering passwords on public Wi-Fi networks. These networks are often unsecured, making them hotspots for cybercriminals. The Federal Trade Commission suggests using a VPN (Virtual Private Network) to encrypt your internet connection in such scenarios. Additionally, services like Cisco Umbrella can provide an extra layer of security by offering internet gateway protection. This service not only secures your connection but also helps in blocking malicious sites and phishing attempts, making it a valuable tool for anyone frequently using public Wi-Fi.

The Evolution of Passwords: Future Trends
Future of Passwords: Stay abreast of evolving technologies in password security. Innovations like single sign-on (SSO) systems and blockchain-based passwords are shaping the future of digital identity management. A survey by TechCrunch indicated that 65% of tech professionals believe traditional passwords will be obsolete in the next five years.

Educating Others: Spreading Password Safety Awareness
Spreading Awareness: Educate family, friends, and colleagues about password safety. Sharing knowledge and best practices can dramatically reduce the collective risk of data breaches. The National Cyber Security Centre reported that promoting basic password hygiene could prevent up to 80% of common cyber attacks.

Tailoring Your Password Strategy
Remember, password management is not one-size-fits-all. Consider your unique digital habits and needs when implementing these strategies. Personalization is key to effective password management.

Conclusion
In the intricate web of digital security, password management plays a vital role. By embracing advanced recovery options, considering biometric solutions, exercising caution on public networks, keeping pace with technological trends, and sharing knowledge, we can fortify our digital defences. Effective password management is not just about creating strong passwords; it’s about adopting a comprehensive approach to digital safety, tailored to our unique needs and the evolving cyber landscape.

Continue Reading

Expert Speak

Levelling Up Your PC Game Marketing to Capitalise on the MENA’s Gaming Boom

Published

on

By Adam Smart, Director of Product – Gaming, AppsFlyer

The Middle East and North Africa (MENA) is home to the world’s fastest-growing gaming market — an estimated 377 million players, which is more than all of Europe combined (386 million) and considerably more than the US (210 million). Gamers in Saudi Arabia, Egypt, and the United Arab Emirates (UAE) combined have topped 65 million by 2021 and this number is predicted to reach almost 86 million by 2025. MENA gaming revenue is set to reach more than US$5 billion by 2025. In the UAE, where nine in every 10 adults say they play video games, the country’s gaming market is expected to reach more than $306 million this year.

One segment that has been growing consistently is PC and console gaming. As the growth has occurred, the PC gamer has evolved. No longer exclusively the domain of World of Warcraft aficionados brandishing their “l33t” statuses in front of hordes of “noobs”, the PC market is more diverse, and therein lies the opportunity. First, we have to temper the excitement by reminding you that enthusiasm is no substitute for strategy. Paid and organic moves must combine in a journey of iteration and learning. Hype must be built patiently, in four steps.

Pick Your Genre
You start out with a dream. You want to learn. You want your game to be played. So, the first thing you will do is determine — through research on marketplaces like Steam — what your best positioning is. What genre should your game inhabit to give you the best chance of momentum? Your genre will determine your competition and revenue potential. Each genre releases different numbers of games and has different sales volumes and average revenues per user (ARPU).

Consider a less competitive genre to start with, so you can build some revenue before embarking on more ambitious projects. Consider what kind of streamers play in this genre and how your game’s art style and vibe may fit their tastes. And get to know where your audience consumes content — Twitch, YouTube, TikTok, or others.

Get to Know Steam
Steam is the largest gaming marketplace, where visibility and downloads play out a little differently to Google Play or the App Store. Standing out among 50,000 other games and drawing players from among 130 million monthly active users is a daunting goal. Make sure you pay attention to your capsule (the hero image that represents you in the store). An attractive, professional design is more likely to pique interest. Next, craft your landing page to be a polished artefact that intrigues and inspires browsing — great imagery, short trailers, and lots of gameplay footage. And tag your game to ensure discovery. Steam is known for its window shoppers, so make sure they can add your game to their wish lists. This is a great marketing tool, an effective social wedge, and a sustainable driver of sales.

Leverage UA Channels
As an indie developer, signing with a publisher can help a lot with marketing, especially if your budget is tight. You can also get the word out through alpha and beta releases. Apart from hype, this is a way to keep your most loyal players engaged. Use tools like Sullygnome, Playboard, or HYPR to find well-known gamers/streamers. Many streamers made the difference for games once they started playing them on Twitch. Also check out online festivals like GDC, PAX, Tiny Teams, and Summer Game Fest to further build awareness. And if you have the budget, look into Meta ads, Twitch ads, and YouTube ads.

Find out which platforms host your potential gamers. Engage with them wherever they are. Run your campaigns on channels with which you are familiar, such as mobile and Web. Do not rule out CTV (connected TV) ads or offline ads to capture interest at bus stops and metro stations.

Measure and Optimise
By this point, you will have built a hype train. Now, you must measure its efficiency. You need to know your most profitable campaigns and channels and to do this, you need to measure and attribute conversions accurately. This is not easy in the multichannel haze in which the modern consumer dwells. A gamer could have spotted a Tweet, then watched a CTV ad, then a mobile ad, and then been confronted with a billboard. Which drove their conversion? Today’s marketing measurement and analytics solutions, backed by the right partner, can help organisations connect these dots to the purchase of your game. These platforms even offer a real-time view of campaigns’ performances across multiple channels and devices — a critical capability for branching out to sell games on consoles.

You Just Levelled Up
PC and console gaming sales are a world apart from mobile markets. But provided you understand the target genre and make the right moves on Steam (including wish lists), you should be in the necessary visibility bracket to take your campaign to the next level. Get social, plug yourself into the channels where your target gamers can be found. Enlist a publisher, dole out alpha and beta launches, and cosy up to celebrity gamers/streamers. Be seen at online festivals, spend (if possible) on Meta Ads, Twitch, and YouTube, and consider cross-platform campaigns across mobile, CTV, offline, and Web. But most importantly, measure. And through measurement, as the gamers say, “GiT GuD”.

Continue Reading
Advertisement

Latest Reviews

Follow us on Facebook