Your router is the drawbridge to your castle

Warren Melnick
Millennium Communications
4 min read · Jan 25, 2018

In the Middle Ages, kings lived inside castles, and these castles had moats around them to stop attackers from reaching the castle. A drawbridge was lowered to let in those who were wanted. If you think of your home or business as your castle, then your router acts as the drawbridge between the Internet and your castle.

Just about everyone has an always-on Internet connection in both their home and their business, and the manufacturer of this ubiquitous device is probably one of just a handful of companies. The price of these devices has dropped rapidly over the past several years, while at the same time their speed and power have increased. That is a mixed blessing.

The increased power of these devices has made them a target for hackers for a couple of reasons which are important to you: the ability to work as a computer if taken over and the ability to function as a safe gateway into your network.

The ability of a router to work as a computer has many benefits for the consumer, among which is the ability of the router to function as a media server, eliminating the need for a separate computer to serve your media (movies, pictures, etc.); just load up a large external hard drive with all of them, plug it into your router, and you are all set to stream these to your TV, your tablet or your phone. OK, more likely the client is your kids’ TV, tablet or phone, but that is a distinction with a difference here. The ability of a router to function as a computer makes it an appealing target for hackers because they can use it to do two things which they want, one of which is to mine crypto-currency and the second is to act as a slave for distributed denial of service (DDoS) attacks. What are these things and why does this matter to you? Mining crypto-currency (Bitcoin, Ethereum, etc.) uses up a lot of CPU power, which means that they are not only using your electricity, they are also using up your equipment faster — shortening its usable lifespan. DDoS attacks are nasty things, which attempt to knock computers off of the Internet by hitting them with so many requests in such a rapid fashion that they are overwhelmed. You do not want to be part of that, especially since it is illegal.

The ability of your router to act as a safe gateway into your network is far more troubling. Back when we had castles, we had drawbridges. Back when everyone had their business data on paper, that paper was stored in a filing cabinet, possibly locked, in a room which would also be locked. You would not have handed any random person the key to your locked file room, and toward that end, you do not want to allow any random person on the Internet access to your router.

Here is where we get to the root of the problem: the majority of people are not changing the default passwords on their routers and the majority of routers deployed have a standard user name and one of three standard passwords. This means that a good percentage of the routers on the Internet are either already compromised or are likely to be compromised.

Just in case that is not bad enough, as of a few months ago, every one of the available measures of security (WEP, WPA, WPA2) had been compromised. WEP and WPA have been considered unsafe for several years now, but WPA2 has been the de facto standard. The good news here is that the fix was not very hard to implement, and most of the manufacturers had fixes out within 72 hours. The bad news is that almost nobody knows that router firmware needs to be upgraded and even if they do, they are not signed up to get notifications of updates, so their routers remain unpatched. Going back to our drawbridge analogy, it is as if the chains which pull your drawbridge up snapped, but nobody bothered to check that the drawbridge is actually raised — they just assume that since they turned the crank 30 times, the drawbridge is in a vertical position.

Your router is at the forefront of your Internet security. It is imperative that you perform these two tasks:
(1) Change the password.
(2) Regularly perform firmware upgrades as they become available.

If you do not know how to perform these tasks, check the manual that came with the router. If you do not have the manual, get the model number off of the router itself, go to the manufacturer’s web site and download a copy of it. None of this is beyond your ability. If you figured out how to get to this essay, you have the requisite skills to maintain your router. If you still believe you do not, call your IT professional, or ask your kids; after all, they probably already know all of this and have been in your router to give their computers priority to allow their games to run faster.
