Are You Sure Your Network Router Is Secure?

Updated: August 20, 2012

How secure is your router? That question is becoming increasingly difficult to answer for CIOs (chief information officers), CTOs (chief technical officers) and network administrators as they increase their dependence on wireless networks, which are susceptible to external attacks by unauthorized users.

Making matters worse is the projected expansion of wireless LAN infrastructures among small and large businesses, which will demand a greater number of wireless routers. Yankee Group Research Inc.'s "Anywhere Enterprise - Large: 2007 IT Infrastructure" survey reported that more than 80 percent of respondents had installed wireless networks, while a similar study for SMBs (small- to medium-sized businesses) indicated that over the next five years, 85 percent of organizations are likely to deploy Wi-Fi-enabled laptops as the standard-issue computing device for employees.

"All the traffic that goes to wireless routers is basically floating through the air and anybody can potentially eavesdrop," said Zulfikar Ramzan, senior principal researcher for Symantec Corp.'s Advanced Threat Research Team.

Branch Entries

At large companies, the branch office presents its own security problems, said Joel Conover, manager of network systems at the world's largest router manufacturer, Cisco Systems, Inc. "The branch tends to be one of the biggest points of incursion into a network because you've got employees that work at home and pick up [malware] that they did not know they have, take that back to work and plug their machine into a LAN," Conover said. He added that branches do not necessarily have IT staff to ensure that employees' patches are up-to-date.

According to Conover, another trend that branch offices are experiencing is the use of a greater variety of applications driven by Web 2.0, such as IM (instant messaging), IP telephony and video conferencing. Additionally, traffic flow is no longer being transmitted from branch to headquarters to branch, but from branch to branch. "That demands a different type of security technology — specifically, a scalable way to interconnect these branches together," Conover said.

To strengthen security in the branch environment, Cisco Systems introduced GET VPN last year, which provides a securely distributed group key that allows any router with direct-access credentials to get that key and join a common, multipoint VPN network. The company has also pushed its unified wireless-network strategy, which centralizes authentication, standardizes security policies, and provides services like wireless-footprint management, or radio frequency and security-event monitoring, for wireless networks.

According to Phil Hochmuth, senior analyst at Yankee Group Research, another trend in routers is the development of a stand-alone blade, or even a Linux operating system running on a router as an auxiliary-processing engine to perform deep packet inspection, Web-application firewall protection and other services. "If you try to do it all on the processor and operating system it might hinder performance, cause degradation in traffic and make the systems possibly unstable," Hochmuth said. "Also, a lot of devices have built-in Web servers as a management interface; those are often exploited if left unchecked."

The Next Attack

But for all the work that manufacturers do to prevent intrusion in routers, IT managers should always be prepared for the possibility of an attack. One intrusion program was recently identified by Symantec's Ramzan, along with Sid Stamm and Markus Jakobsson of the Indiana University School of Informatics. Called drive-by pharming, it allows attackers to create a Web page that, when viewed, results in significant configuration changes to a broadband router or wireless-access point. Once attackers successfully intrude, they can control the way you surf the Web and direct you to sites they have developed.

Some of the best practices to prevent such an intrusion include changing the default password on your wireless router and staying away from unfamiliar sites. IT managers can also depend on tight monitoring of incoming emails and encryption as mechanisms to prevent intrusion in routers. Ramzan emphasized that encryption is a powerful tool to prevent attacks during communication between devices on the router. It will prevent eavesdropping and keep intruders from learning what traffic is being sent between the devices and the router.

Ramzan noted, however, that "encryption is not everything." Authentication is often overlooked, he said, because encryption tends to be managed through separate means. "There is a separate authentication password and a separate encryption key and those things are not often tied," Ramzan said.

Default Equals Bad

Many SOHO (small office and home office) users tend to buy a product and install it on the network without changing the default settings — settings that many hackers already know, Hochmuth observed. "It's not uncommon to see many SOHOs with 5 to 10 users behind one of these products not change the default setting for passwords or IP-address schemes, and that's the equivalent of buying a new house and not changing the locks," he said.

In the meantime, IT managers can do many things to prevent attacks via their routers. Conover said that IT managers must design an infrastructure that supports router security and remember to build a network that can deal with technologies that often are not compatible with an IT manager's goals. A good example is VoIP: Voice and security are not things that naturally work well together, with security closing up the network and voice acting as the conduit to connect anyone to anywhere, Conover said.

Ramzan also noted that it is important to know who in your organization can be trusted with encryption keys and router codes.
