Problem solve Get help with specific problems with your technologies, process and projects.

How to secure a wireless router to ensure remote admin service safety

Network security expert describes how to secure a wireless router and prevent the router's remote administration feature from being hacked.

I read that disabling a wireless router's remote administration feature can prevent hackers from taking over the...

wireless network. However, my organization needs to use this feature to administer the router remotely (the admin is not always on-site). What other security measures should be put in place to ensure the safety of my wireless router's remote admin feature?

Criminal hackers can certainly access and manipulate any network service that's available via the Internet. While disabling remote administration is a worthwhile thing to do to lock down the corporate network, the thing that most people don't tell you when making this recommendation is that the remote administration traffic destined to a wireless router will most likely have to be forwarded through a firewall or, in the case of SOHO users, a DSL or cable modem.

Ask the Expert

Want to ask Kevin Beaver a question about network security? Submit your questions now via email (All questions are anonymous.)

So just because the remote administration service is enabled, it doesn't mean that it's automatically available to anyone on the network. Wireless routers often make this service available via a high port number such as 8080. Unless and until you or someone in your business forwards that traffic onto the wireless router via port forwarding, then it's a non-issue. Furthermore, it's not normally enabled by default. When it is enabled, you run the risk of someone on the internal network connecting to the router's administration port, but they'll likely have to log in to do anything.

Regardless of whether your wireless router is directly connected to the Internet, there are a few things enterprises can do to ensure its remote administration feature is secure:

  • Change the default router password to a strong passphrase.
  • Change the default remote administration port number to something random.
  • Set strong passphrases for any additional user accounts that need remote administration capabilities.
  • Ensure you keep your wireless router's firmware up to date to minimize the vulnerabilities and subsequent exposure.

Enterprises should also perform a firewall rule base analysis (manual or automated using a tool such as AlgoSec Firewall Analyzer or SolarWinds Firewall Security Manager) on your firewall to see just what's being allowed. This exercise may quickly identify simple rules changes that will thwart many of the common attacks against routers and router services.

This was last published in May 2014

Dig Deeper on Network device security: Appliances, firewalls and switches