Cybersecurity: how to defend routers from hacker risk

Routers and webcams on IP networks need to be constantly defended by updating the security parameters in order to prevent them from becoming carriers of cyber attacks. Vincenzo Luciano Lucrezia (TIESSE): 'Certainly changing the password alone does not guarantee immunity'.

by Paolo Anastasio | @PaoloAnastasio1 | 16 January 2017, 12:15

Too many internet users overlook the security of their routers, devices that are fundamental to our digital life and that, without appropriate security updates, risk becoming access points for hackers to our sensitive data.

Routers are networking devices used to connect computers to the Internet and, according to USA Today, are also an essential element in ensuring the integrity of domestic and corporate networks, acting as a firewall that protects devices connected to local networks against malicious attacks arriving from the network.

Attention to routers and their security is therefore an important element in defending against possible attacks, such as identity theft, botnets and malware risk.

A massive DDoS (Distributed Denial of Service) attack last October against Dyn Corporation, for example, was carried out by exploiting the security flaws of routers, webcams and other connected (IoT) devices.

The attack against Dyn, a major provider of Domain Name System (DNS) services, temporarily blocked several prominent sites in the network including Amazon, Twitter, Spotify, Netflix and PayPal.

A DDoS attack occurs when a Domain Name System is flooded with such a large amount of data traffic that certain websites are taken offline. Often, the traffic is conveyed by a botnet army installed on the computers of unsuspecting users, whose PCs have been infected so that they can be used for remote attacks, sending the large quantity of communications necessary to cause the DDoS attack. The problem has intensified with the infection not only of PCs but also of the myriad devices connected to the network.

In the USA, the Federal Trade Commission (FTC) has filed a formal accusation against the manufacturer D-Link Corporation, guilty in its opinion of not having put in place the necessary measures to protect its network of routers and webcams over IP networks, thereby exposing its customers to hacker risks. IP webcams are widely used by consumers and companies for remote security control of homes and production facilities, including, for example, children's rooms and the garden where children spend their time (with 'electronic babysitter' function).

D-Link denied the accusations, but according to Jessica Rich, Director of the FTC Bureau of Consumer Protection, “hackers are increasingly targeting routers and IP webcams, thus exposing the devices and personal data of consumers to risk. When manufacturers say that their products are secure, it is fundamental to do everything possible for that to be true”.

The FTC's accusation against D-Link includes, among other things, lack of protection of user login credentials on routers and webcams, with obvious risks of intrusion and theft of sensitive data by malicious persons, including the access credentials to the bank account and social security data of unsuspecting customers.

How to protect the router? Vincenzo Luciano Lucrezia (TIESSE): ‘Changing the password is not sufficient’

Once a router has been installed, the first thing to be done is to change the default password with stronger credentials. Anyone who did not do this at the time of installation should do it now. In addition, it is necessary to download the latest security updates for the router as soon as available. Few routers perform an automatic update of security parameters, and it is therefore necessary to check the manufacturer's website to keep up with the latest developments.

“Nevertheless, certainly changing the password alone does not guarantee immunity. The router itself, by analysing the incoming traffic to its communication ports, must be able to detect whether this hides attacks and possibly put in place the appropriate remedies”, says Vincenzo Luciano Lucrezia, Technical Director of Tiesse, the Ivrea-based company specialising in made-in-Italy routers for mission critical networks.

“The most modern routers have application traffic recognition functions associated with IDS (Intrusion Detection System) functions that can identify whether the traffic hides 'malicious' actions that could damage the operation of connected systems and of the network itself – continues Lucrezia – These are also combined with IPS (Intrusion Prevention System) functions, i.e. systems capable not only of reporting the threats identified, but also of reacting autonomously to block them. Similarly to what happens with antivirus software for PCs, the recognition functions must be continually updated in order to cover new forms of attack”, concludes Lucrezia.

At the latest edition of CES in Las Vegas, which has just ended, routers with automatic security updates made their first appearance.