I have always disagreed with the phrase '127.0.0.1 is unique in the T-shirt'. I know you might think it should be considered 'home', but for me, I think it should It's 'local host is a unique place', just like there are two identical rings in the world.
In this article, I want to discuss some broad issues: the entrance to the home network, for most people it is a cable or broadband router.
What is the use of the router?
The router is very important. It is used to connect one network (in this article, our home network) with another network (in this paper, the Internet, through our Internet service provider's network).
In fact, for most people, the small box we call the 'router' can do much more than we think. 'Routing' a bit just as it sounds: it makes it in the network The computer can find a path to send data to a computer on the external network - when you receive the data, and vice versa.
In other functions of the router, most of the time it is also used as a modem. Most of us connect to the Internet through a telephone line - whether it is a cable or a standard telephone line - despite the latest The trend is to connect to the home via the mobile internet.
When you connect over a telephone line, the Internet signal we use must be converted to something else, as is the return signal (from the other end). For those who remember the past 'dial-up' era, It is the small box on the side of your computer that makes a harsh sound for surfing the Internet.
But routers can do a lot of things, sometimes a lot of things, including traffic logging, as a wireless access point, providing VPN functionality for external access to your intranet, child Internet access, firewalls, etc.
Today's home routers are getting more and more complicated; although national actors will not think about breaking it, others may.
You will ask, is this important? If others can access your system, they can easily attack your laptop, phone, network device, etc. They can access and delete unprotected personal data. They can Pretend to be you. They use your network to store illegal data or to attack other people. Basically all bad things can be done.
Fortunately, today's routers tend to be set up by Internet providers. The implication is that you can forget about its existence and they will guarantee that it is running well and safe.
So are we safe?
Unfortunately, this is not the case.
The first problem is that Internet providers do these things within a limited budget, and using cheap devices to do these things can maximize their benefits.
Internet providers' routers are getting worse and worse, and they are the preferred target for malicious attackers: If they know that a particular model of router is being installed in millions of homes, it's easy to find the motive for the attack because of the attack on that model. Routers are very valuable to them.
Other issues that arise include:
The process of fixing bugs or vulnerabilities is slow. Upgrading the firmware may cost the Internet provider a high cost, so the repair process can be very slow (if they are going to fix it).
It's very easy to get or default the administrator password, which means that the attacker doesn't even need to find the real vulnerability - they can log in to the router.
Countermeasures
For routers that enter the Internet's first hop, how can we improve its security? Here is a list of quick responses. I list them in order from simple to complex. Before you make any changes to the router. , you need to save the configuration data first, so that you can roll back them when you need them.
1, password: Certainly, be sure to change the administrator password of your router.
You may rarely use it, so you must record your password somewhere. It is used very little, you can consider pasting the password on the router, because the router is usually placed on an authorized person ( 5 and you and your family can get in touch.
2, only allow administrators to access from within : Unless you have good reasons and you know how to do it, don't allow any machine to manage your router from an external Internet. There is one such setting on your router.
3, WiFi password : Once you have done the second point, also make sure the WiFi password on your network - Whether it's set to your router management password or something else - it must be a strong password.
For simplicity, set a 'friendly' simple password for the visitors who connect to your network, but if a malicious person nearby guesses the password, the first thing he does is look up the router in the network. Because he is on the internal network He can access the router (hence, point 1 is important).
4, only open what you know and is what you need: As I mentioned above, modern routers have a variety of cool options. Don't use them. Unless you really need them, and you really understand what they do, and what is the danger of opening them. Otherwise, it will increase the risk of your router being attacked.
5, buy your own router : Replace your router with your Internet provider with a better router. Go to your local computer store and ask them for some advice. You may spend a lot of money, but you may also encounter some very cheap devices. , and better than you have now, more powerful and safer.
You can also buy only one modem. It's easy to set up your modem and router, and you can copy the configuration from your Internet provider to your device, which generally works fine.
6, update the firmware : I like to use the latest features, but usually this is not easy. Sometimes, there will be a firmware update prompt on your router. Most routers will automatically check and prompt you to update it the next time you log in.
The problem is that if the update fails, it will have catastrophic consequences. 6 Or if you lose configuration data, you will need to re-enter it. But you really need to consider continuing to focus on fixing firmware updates to fix security issues and update them.
7, turn to open source: There are some very good open source router projects that you can use on existing routers to replace their firmware/software with open source software.
You can find many such projects on Wikipedia, and search for 'router' on Opensource.com, you will see a lot of very good things. Be careful for cautious people, this will make your router lose warranty , But if you want to really control your router, open source is always the best choice.
other questions
Once you improve the security of your router, your home network will be fine - this is an illusion, which is not the case.
What is the security of your home IoT device (Alexa, Nest, doorbell, smart light bulb, etc.) How secure is VPN connection to other networks? Malicious host over WiFi, malicious application on your child's phone...?
No, you will never have absolute security. But as we discussed earlier, there is no such thing as absolute 'security', but it does not mean that we do not need to improve security standards to make it more difficult for bad guys to do bad things.
