Omit This Setup Step and Your Router Can Be Easily Compromised

Golden Rule #2 stressed having a NAT router, or router/firewall, between your PC and the Internet as a first line of defense. This is without question the first, most important security step, but it can be useless unless you have it properly configured; in fact, omitting one crucial first step can leave you even more vulnerable to attack than you would be without the device.
All routers come with a default user name and password, often as simple as admin/admin (when I’m faced with a router I haven’t seen before, this is the first thing I try–and it often gets me in). Default settings are a good thing because if you ever forget your password, you can reset the router and take it back to square one. However, they are also a dangerous security risk: these defaults are well known and published on the Web. A couple of years ago, for example, three of the more widely used consumer routers, Linksys, D-Link, and Netgear, were vulnerable to a JavaScript web page attack. Go to the wrong site and, if you haven’t changed the default password, the attacker can change your router’s settings to send you to malicious websites. For example, you’ll think you’re looking at your bank’s login page, but it will be a fake look-alike that steals your account information as soon as you log in.
While the manufacturers try to patch such vulnerabilities, users often don't apply the patches, and even if they do, determined hackers often find other ways in. As recently as October, 2009, a blogger who stumbled across a vulnerability in more than 65,000 Time Warner Cable customer routers says the routers are still vulnerable to remote attack, despite claims by the company that it patched the routers. A report by Wired found that 45 percent of 2,729 publicly accessible Linksys routers still had a default password in place.
And that is precisely why you should put this on your list as Golden Rule #3: Always change the default user name and password of any configurable device you put on your home network.
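A changed router setting of the kind described above usually reaches the PC as a DNS server nobody in the household configured. The following Python check is an added example, not part of the original article: it audits resolv.conf-style text against the resolvers you expect. It assumes the altered setting is the DNS server the router hands out; the sample file, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: what a DHCP client might write after the router starts
# handing out an extra DNS server (203.0.113.53 is a documentation address).
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53   # not one we configured
nameserver fe80::1%eth0
"""

def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop '#' comments
        # Lines starting with ';' are comments too and fail the keyword test.
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(text, expected):
    """Label each resolver 'ok', 'stub', 'unexpected' or 'invalid'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "invalid"))
            continue
        if addr in allowed:
            status = "ok"
        elif addr.is_loopback:
            # Local stub resolver (e.g. 127.0.0.53): the real upstream is
            # configured elsewhere and has to be checked separately.
            status = "stub"
        else:
            status = "unexpected"
        findings.append((raw, status))
    return findings

if __name__ == "__main__":
    # Assumption: the router's LAN addresses are the only resolvers set up here.
    expected = ["192.168.1.1", "fe80::1"]
    for server, status in audit_resolvers(SAMPLE_RESOLV_CONF, expected):
        print(f"{server:<20} {status}")
```

An "unexpected" entry is a reason to log in to the router and compare its DNS settings with what you configured.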
Ken Harthun is the Security Editor for Daves Computer Tips. He also writes about security issues for IT Knowledge Exchange and blogs on general Geek things at Ask the Geek.

