A router security checklist keeps the riff-raff out of your network.
Security-conscious ISP administrators know that the Internet can be a dangerous place for service providers and subscribers, alike. For instance, DNS amplification attacks have increased by 1000% since 2018.
Attacks on network hardware can shut down or significantly disrupt broadband accessibility, making it impossible for you to deliver your service. And, when your network is down, your team is focused on diagnosing the issue and resolving it. In other words – lots of time is dedicated to getting back to business as usual.
Subscribers are also vulnerable to attacks. Their devices can be held captive by downloads and emails corrupted with viruses and malware. It’s important to be vigilant – in the first nine months of 2019, there were 7.2 billion malware attacks.
Other crimes perpetrated by malware include data collection executing administrative commands and data redirection.
If your network is crippled or if you fail to keep your subscribers safe, the pain is epic. There’s a high cost in time, money and frustration to right the ship. And, if there’s even a possibility that your subscribers are impacted, you’re obligated to warn them their data or devices may have been breached.
The best defense is being prepared. Keep subscribers and your network safe by locking down your network.
Aren’t Routers Already Secure?
You might think that with all of the new security features in routers, your network and subscribers will be fine.
Some techs rely on the automatic router lock down that throws the IP into a black hole when there are three failed attempts to access it with the incorrect password. This still gives hackers three attempts to access the router—and don’t think determined criminals will try again after the IP is released from the black hole. With enough attempts, they’ll crack the code.
Instead of relying on routine security measures and risking a successful attack, take these steps to keep criminals out of your network.
Best Practice Router Security
- Use a Virtual Private Network (VPN) to create a private connection for network administration.
- Use an access control list (ACL) to lock down access to your hardware, where only specific addresses from your VPN have permission to gain access.
- Disable network discovery by Winbox and other network scanning utilities by identifying the routers’ IP or MAC addresses to protect your network.
- Ensure the time servers are correctly configured.
- Make sure your routers have the latest security updates.
- Disable packages and services that are not being used.
- Use firewall rules to prevent DNS queries or attacks from external IP addresses.
The safety of your network and subscribers is the foundation you must have to maintain a profitable service. As you build your network, surround yourself with vendors that have your back and keep your success in mind. If you’re looking for a billing and automation system with WISP-driven development, consider Visp.net. Your success is our mission.
Brandon Yarbrough has worked in the internet service industry for more than a decade. He’s worked as a network engineer, consultant and is a former WISP owner who sold his business five years after it was founded. Brandon currently works with Visp.net as a Senior Engineer to help clients move past barriers to experience greater success.
Mary Barry, Visp.net’s Content Manager has been attracting revenue and managing customer experiences in corporations like Wells Fargo Bank and the University of Phoenix for more than 20 years. She lives in Scottsdale, Arizona is a patron of the local art scene and is often found on surrounding desert trails. She can be reached at firstname.lastname@example.org.
- Ciso Mag; 1000 Percent Increase in DNS Amplification Attacks since 2018 September 2019; online: https://www.cisomag.com/1000-percent-increase-in-dns-amplification-attacks-since-2018/
- First Three Quarters of 2019: 7.2 Billion Malware Attacks, 151.9 Million Ransomware; Security Magazine; 2019; online: https://www.securitymagazine.com/articles/91133-first-three-quarters-of-2019-72-billion-malware-attacks-1519-million-ransomware-attacks
Additional resource: The Wikileaks Vault 7 Leak – What We Know So Far, Santos, O; 2017; Cisco Blog; https://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far