Security Corner

Feb 20 2008   9:12PM GMT

Omit This Setup Step and Your Router Can Be Easily Compromised

Ken Harthun Ken Harthun Profile: Ken Harthun


Last time, I stressed having a NAT router–or router/firewall–between your PC and the Internet as a first line of defense. This is without question the first, most important security step, but it can be useless unless you have it properly configured; in fact, omitting one crucial first step can leave you even more vulnerable to attack that you would be without the device.

All routers come with a default username and password, often as simple as admin/admin (when I’m faced with a router I haven’t seen before, this is the first thing I try–and it often gets me in). Default settings are a good thing because if you ever forget your password, you can reset the router and take it back to square one. However, this is also a dangerous security risk; these defaults are well known and published on the Web. Three of the more widely used consumer routers, Linksys, D-Link, and Netgear, have recently been shown to be vulnerable to a JavaScript web page attack. Go to the wrong site and if you haven’t changed the default password, the attacker can change your router’s settings to send you to malicious websites. For example, you’ll think you’re looking at your bank’s login page, but it will be a fake look-alike that steals your account information as soon as you log in.

So, put this on your list as Security Maxim #3: Always change the default username and password of any configurable device you put on your home network.

Next time: You’ve changed your default router password; you still may be vulnerable.

The Geek

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: