Keeping your home router up to date and configured properly

[dalanmiller]

A key area of home network security is making sure your router is up to date.

A few recommendations:

• Ensure that your router is using the most recent firmware (advanced users can install OpenWRT). This is as easy as downloading a new firmware from the manufacturer of your router and uploading it to your devices admin panel.
• Ensure that the admin password on your router is changed from the default.
• Set your DHCP settings to offer 1.1.1.1 and 1.0.0.1 as the advertised DNS server.
• Ensure that your wifi is using WPA2 and to disable WPS

Resources:

• How to Update Your Router - Toms Guide
• Why you need to update your router - Consumer Reports
• Rarely Patched Software Bugs in Home Routers Cripple Security

[brianlovin]

This is perfect. It's definitely more of an advanced topic, but we should add it. Would you be open to submitting a PR @dalanmiller? Basically we'd just want another file in config/data.js with this information, and make sure the formatting looks good at the end!

Maybe there are even a couple routers that we could recommend people to buy over a traditional low-end router?

[zachflower]

I love this, but I wonder if it would make sense to roll this up into a larger Patch Management context? Unpatched devices are a significant security risk and a commonly-exploited attack vector (NotPetya, the Equifax hack, etc).

[brianlovin]

@zachflower 👋good point. I'm not sure exactly the ideal way to structure this, since patch management applies to all software. Because it is so broad, maybe the section should be "Update your software" and add a note about router updates?

[ghost]

@brianlovin Just opened an issue about updates. Definitely think a section would be good. Also @zachflower mentioned NotPetya which was ransomware, do you think a section about educating people about Ransomware would be good too? Maybe like the one that was done for Phishing.

[zachflower]

I think a topic about Ransomware is smart @ty53. It's been a major issue for the past couple years, so providing more education about how it works and how to protect yourself would be really valuable.

[joachimesque]

There's a few more steps in this guide: https://decentsecurity.com/#/routerwifi-configuration/ (the "guest isolation" setting for IoT devices is relevant)

As for the Ransomware topic, it's a very good idea, and explaining how we get infected is an important first thing to explain.

[jgallias]

Mesh, auto-updating routers may be the best option for most people: Google WiFi, eero, Orbi, etc. Just trying to update the stock firmware on most routers is beyond the capability of your non-technical friends and family. I think going outside the first-party firmware update mechanism (DD-WRT, OpenWRT, etc.) should be considered an "Advanced" topic.

[szepeviktor]

Here is a live list of hostile networks https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets I run a bunch of servers and analyze the blocked IP-s in the firewall, this is the result.