I read that disabling a wireless router's remote administration feature can prevent hackers from taking over the...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
wireless network. However, my organization needs to use this feature to administer the router remotely (the admin is not always on-site). What other security measures should be put in place to ensure the safety of my wireless router's remote admin feature?
Criminal hackers can certainly access and manipulate any network service that's available via the Internet. While disabling remote administration is a worthwhile thing to do to lock down the corporate network, the thing that most people don't tell you when making this recommendation is that the remote administration traffic destined to a wireless router will most likely have to be forwarded through a firewall or, in the case of SOHO users, a DSL or cable modem.
Ask the Expert
Want to ask Kevin Beaver a question about network security? Submit your questions now via email (All questions are anonymous.)
So just because the remote administration service is enabled, it doesn't mean that it's automatically available to anyone on the network. Wireless routers often make this service available via a high port number such as 8080. Unless and until you or someone in your business forwards that traffic onto the wireless router via port forwarding, then it's a non-issue. Furthermore, it's not normally enabled by default. When it is enabled, you run the risk of someone on the internal network connecting to the router's administration port, but they'll likely have to log in to do anything.
Regardless of whether your wireless router is directly connected to the Internet, there are a few things enterprises can do to ensure its remote administration feature is secure:
- Change the default router password to a strong passphrase.
- Change the default remote administration port number to something random.
- Set strong passphrases for any additional user accounts that need remote administration capabilities.
- Ensure you keep your wireless router's firmware up to date to minimize the vulnerabilities and subsequent exposure.
Enterprises should also perform a firewall rule base analysis (manual or automated using a tool such as AlgoSec Firewall Analyzer or SolarWinds Firewall Security Manager) on your firewall to see just what's being allowed. This exercise may quickly identify simple rules changes that will thwart many of the common attacks against routers and router services.
Related Q&A from Kevin Beaver
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.continue reading
Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.continue reading
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.