Between the Internet and your local network’s devices stands a router. It’s a complex computing device in its own right, often providing the network’s firewall services, and it’s vulnerable to attacks. Cisco does a good job of securing its routers, but security holes do pop up from time to time. Configuring the router properly will lock out most attacks.
Cisco reported a critical vulnerability on June 15, affecting its RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router. All of these devices provide both routing and firewall services. An attacker could take advantage of it to execute arbitrary code on the router, and a fix isn’t available yet. The good news is that attackers outside the router’s LAN can get to it only if its configuration allows remote management. This kind of situation shows a pattern in router security: If you allow control from the Internet, you’re more vulnerable. If no one can log into it from outside, there aren’t a lot of ways to attack it.
Granted, being able to configure a router from the outside can be convenient. An administrator can fix things after hours without a trip to the office. The question is whether it’s worth the risk. Usually it isn’t.
A compromised router lets hostile parties into your local network, bypassing or altering any firewalls. They can then attack other computers on the LAN through channels that aren’t available for public access. They can launch denial-of-service attacks by blocking traffic on the network, like a demented security guard who won’t let anyone in.
One of the sneakier attacks on Cisco routers is called SYNful Knock. Someone who has the administrative password or has physical access to the router can initiate it, and it modifies the firmware in the router. One this happens, the attacker can establish a “back door” which is very hard to detect and remove. As long as it’s there, it allows further exploits even if the password is changed.
Cisco routers have poor security if you just take them out of the box and plug them in. It’s important to configure them before putting them into use. They come with a default administrative account and password, which anyone can look up. It’s vital to change the password immediately, and it’s a very good idea to change the account name as well, so that attackers have to guess two different pieces of information. Cisco recommends using characters in at least three of these categories for passwords:
- Lowercase letters
- Uppercase letters
- Special characters
Cisco’s Autosecure feature provides a quick, convenient way to give a router a good level of security. The administrator can apply it in non-interactive mode, which will give a default set of settings, or interactive mode, which allows selecting options. The default tries not to interfere with normal operations, so setting customer parameters can offer better protection.
Guarding against attacks on the Internet is a constant battle, and the router is on the front line. It’s important not to neglect it.
Puryear IT is the trusted choice when it comes to staying ahead of the latest information technology and security tips, tricks, and news. Contact us at (225) 706-8414 or send us an email at firstname.lastname@example.org for more information.