Blog | G5 Cyber Security

Securing Bridged Routers

G5 Cyber Security

TL;DR

Bridged routers can be a security risk if not configured properly. This guide covers essential steps to secure them, including strong passwords, firewall rules, disabling unnecessary services, keeping firmware updated, and monitoring for suspicious activity.

Securing Your Bridged Router: A Step-by-Step Guide

  1. Change the Default Admin Password
    • This is the most important step. Hackers often try default usernames and passwords first.
    • Use a strong, unique password (at least 12 characters with a mix of uppercase/lowercase letters, numbers, and symbols).
    • Access your router’s settings (usually via a web browser – check the router’s manual for the address, often 192.168.1.1 or 192.168.0.1).
    • Navigate to the administration/password section and change it.
  2. Enable the Router’s Firewall
    • Most routers have a built-in firewall; make sure it’s enabled.
    • Check your router settings for a “Firewall” or “Security” section.
    • Ensure that SPI (Stateful Packet Inspection) is active if available – this provides better protection.
  3. Disable Unnecessary Services
    • Many routers offer features you might not need, like UPnP (Universal Plug and Play), remote management, or WPS (Wi-Fi Protected Setup).
    • Disable these if you don’t use them. They can create security vulnerabilities.
    • UPnP: If possible, disable it completely. If needed for specific devices, only enable it temporarily and then disable it again.
    • Remote Management: Disable remote management unless absolutely necessary. If you must use it, restrict access to specific IP addresses.
    • WPS: Disable WPS as it’s known to be vulnerable to attacks.
  4. Keep Router Firmware Updated
    • Firmware updates often include security patches.
    • Check your router manufacturer’s website for the latest firmware version.
    • Most routers have an automatic update feature – enable it if available.
    • If no automatic update, download the firmware manually and follow the instructions in your router’s manual to install it. Be careful not to interrupt the process!
  5. Configure Wireless Security (if applicable)
    • Use WPA3 encryption if your devices support it; otherwise, use WPA2 with a strong password.
    • Change the default SSID (network name).
    • Enable MAC address filtering (optional – adds another layer of security but can be bypassed).
  6. Monitor Router Logs
    • Check your router’s logs for suspicious activity, such as failed login attempts or unusual traffic.
    • The location of the logs varies depending on the router model; consult your manual.
  7. Consider a DMZ (Demilitarized Zone) Carefully
    • A DMZ exposes a device directly to the internet. Only use it if absolutely necessary and understand the risks.
    • If you must use a DMZ, only place one device in it and ensure that device is well-secured.
  8. Port Forwarding – Use with Caution
    • Only forward ports if absolutely necessary for specific applications.
    • Forward only the required ports, not entire ranges.
    • Ensure that the devices behind the port forwarding are also secured.

By following these steps, you can significantly improve the security of your bridged router and protect your network from cyber security threats.

Exit mobile version