Wireless modems and routers have become ubiquitous in homes and small offices. However, the default configurations on most of these devices leave much to be desired from a security perspective.
Here are some key considerations when setting up a wireless modem:
- Change the default admin password – This seems obvious but a surprising number of people leave the default credentials in place. Tools like RouterSploit make it trivial to exploit default credentials on network devices.
- Use WPA2 with AES – WEP is broken beyond repair. WPA with TKIP has known weaknesses. WPA2 with AES (CCMP) is the minimum acceptable standard.
- Disable WPS – Wi-Fi Protected Setup has a well-documented brute force vulnerability. Disable it entirely.
- Update firmware regularly – Router vulnerabilities are discovered frequently. Keep your firmware current.
- Change the default SSID – While not a direct security measure, the default SSID identifies your router model, making targeted attacks easier.
- Consider MAC filtering – Not foolproof (MAC addresses can be spoofed) but adds another layer.
The reality is that most home users never change any settings from the defaults. ISPs could do a much better job of shipping devices with secure default configurations.