Are You Sure Your Network Router Is Secure?

Updated: April 30, 2009

How secure is your router? That question is becoming increasingly difficult to answer for CIOs (chief information officers), CTOs (chief technical officers) and network administrators as they increase their dependence on wireless networks, which are susceptible to external attacks by unauthorized users.

Making matters worse is the projected expansion of wireless LAN infrastructures among small and large businesses, which will demand a greater number of wireless routers. Yankee Group Research Inc.'s "Anywhere Enterprise - Large: 2007 IT Infrastructure" survey reported that more than 80 percent of respondents had installed wireless networks, while a similar study for SMBs (small- to medium-sized businesses) indicated that over the next five years, 85 percent of organizations are likely to deploy wifi-enabled laptops as the standard-issue computing device for employees.

"All the traffic that goes to wireless routers is basically floating through the air and anybody can potentially eavesdrop," said Zulfikar Ramzan, senior principal researcher for Symantec Corp.'s Advanced Threat Research Team.

Branch Entries

At large companies, the branch office presents its own security problems, said Joel Conover, manager of network systems at the world's largest router manufacturer, Cisco Systems, Inc. "The branch tends to be one of the biggest points of incursion into a network because you've got employees that work at home and pick up [malware] that they did not know they have, take that back to work and plug their machine into a LAN," Conover said. He added that branches do not necessarily have IT staff to ensure that employees' patches are up-to-date.

According to Conover, another trend that branch offices are experiencing is the use of a greater variety of applications driven by Web 2.0, such as IM (instant messaging), IP telephony and video conferencing. Additionally, traffic no longer flows from branch to headquarters to branch, but from branch to branch. "That demands a different type of security technology — specifically, a scalable way to interconnect these branches together," Conover said.

To strengthen security in the branch environment, Cisco Systems introduced GET VPN last year, which provides a securely distributed group key that allows any router with direct-access credentials to get that key and join a common, multipoint VPN network. The company has also pushed its unified wireless-network strategy, which centralizes authentication, standardizes security policies, and provides services like wireless-footprint management, or radio frequency and security-event monitoring, for wireless networks.

According to Phil Hochmuth, senior analyst at Yankee Group Research, another trend in routers is the development of a stand-alone blade, or even a Linux operating system running on a router as an auxiliary-processing engine to perform deep packet inspection, Web-application firewall protection and other services. "If you try to do it all on the processor and operating system it might hinder performance, cause degradation in traffic and make the systems possibly unstable," Hochmuth said. "Also, a lot of devices have built-in Web servers as a management interface; those are often exploited if left unchecked."

The Next Attack

But for all the work that manufacturers do to prevent intrusion in routers, IT managers should always be prepared for the possibility of an attack. One intrusion program was recently identified by Symantec's Ramzan, along with Sid Stamm and Markus Jakobsson of the Indiana University School of Informatics. Called drive-by pharming, it allows attackers to create a Web page that, when viewed, results in significant configuration changes to a broadband router or wireless-access point. Once attackers successfully intrude, they can control the way you surf the Web and direct you to sites they have developed.

Some of the best practices to prevent such an intrusion include changing the default password on your wireless router and staying away from unfamiliar sites. IT managers can also depend on tight monitoring of incoming emails and encryption as mechanisms to prevent intrusion in routers. Ramzan emphasized that encryption is a powerful tool to prevent attacks during communication between devices on the router. It will prevent eavesdropping and keep intruders from learning what traffic is being sent between the devices and the router.

Ramzan noted, however, that "encryption is not everything." Authentication is often overlooked, he said, because encryption tends to be managed through separate means. "There is a separate authentication password and a separate encryption key and those things are not often tied," Ramzan said.

Default Equals Bad

For many SOHO (small office and home office) users, companies tend to buy a product and install it onto the network without changing the default settings — settings that many hackers already know, Hochmuth observed. "It's not uncommon to see many SOHOs with 5 to 10 users behind one of these products not change the default setting for passwords or IP-address schemes, and that's the equivalent of buying a new house and not changing the locks," he said.

In the meantime, IT managers can do many things to prevent attacks via their routers. Conover said that IT managers must design an infrastructure that supports router security and remember to build a network that can deal with technologies that often are not compatible with an IT manager's goals. A good example is VoIP: Voice and security are not things that naturally work well together, with security closing up the network and voice acting as the conduit to connect anyone to anywhere, Conover said.

Ramzan also noted that it is important to know who in your organization can be trusted with encryption keys and router codes.
