I have here at home a router, like many people out there. The router is connected with an Ethernet cable that comes from the modem.
But, to prevent hackers or anything else to try bothering me, if I'm not using the router, is removing the Ethernet cable a good security measure? Or it doesn't do that much in security, so I should leave it always connected?
If there is not an internet connection to your device then a hacker is not going to be able to communicate with that device. (Edit: As some have pointed out...this is assuming an attacker is attempting over the internet from a remote location)
With that said, eventually you will have to connect to the internet again if you want to use the internet and if you were to eventually obtain malware on your computer such as a keylogger. That keylogger is going to rely on the internet to send its data back to the hacker. If the keylogger is written properly, when you disconnect, it will just wait for you to connect to the internet again to send its data back to the attacker.
In my opinion, I think disconnecting from your internet will prove to be more of a hassle than a protection. Instead, focus on the security of your device and your actions on the internet. Being a smart internet user can provide a great deal of security to your device.
Elaboration (EDIT):
I do agree that this method with decrease the time of opportunity for an attacker but the reason I chose to put emphasis on endpoint security and user education is because if you imagine an enterprise environment, they have devices and services that rely on an internet connection 24/7. So an enterprise can't rely on disconnecting from the internet as a viable security measure. Instead they focus on securing the devices on the network and the network itself. So I believe this will achieve 2 things: 1) greater security. 2) better user experience(always have internet access on demand) and I believe you can apply these strategies to your personal network as well.
This would reduce your risk by minimizing the time the attack surface is vulnerable to attack so yes technically it is a helpful security control. It falls into the category of Layer 1 access control in the OSI model.
This said you are also losing data created by attackers at night which could be useful for trending attackers activity. It might still be possible to collect this while physically unplugging the network but if you aren't collecting this type of data currently you aren't losing anything by doing this.
More importantly, it sounds like you don't have enough security controls in place to trust what's going on with your network so you still need to address that at some point too.
As a basic security control, it does lend itself to a reduction in attacks being able to access your systems especially ones that are tested against large blocks of IP's or the Internet as a whole which may be run during the time your systems are disconnected. So yes there is some benefit and if this benefit outweighs any downside it sounds like it would be a good security measure in your situation. Keep in mind that this will have almost no impact on a persistent attacker it mainly helps with reducing the number of large-scale attacks, large-scale reconnaissance efforts, or when things like worms occur on the Internet.
Note: Your router will still be vulnerable to attack in the scenario you mention. I'm assuming this is because some other equipment needs access but if not you might think about disconnecting the WAN cable or even turning off the router itself. This may not be an option but I just thought I'd mention this given your scenario.
Something else you may want to consider as an alternative option is scripting your firewall rules, or system(s), to disable their interfaces on a set schedule or via a simple script you run to turn things on and off.
Given how many attacks are aimed at routers, the number of security flaws / backdoors in consumer grade routers, and the fact your router is an always-on gateway to the big bad internet, I'd say powering the router down is easier and a more effective measure than disconnecting your PC from it. You're moving the (debatable) security benefit one step further up the chain.
You could even put your router on a timer-socket or one of those remote-control mains sockets for laziness.
I won't speculate on how much real-world benefit this might give as it's subject to so many variables and your own personal paranoia level.
From a security point of view it is not really a good measure. Security is the triad Confidentiality, Integrity, Availability. If you only consider Confidentiality, everything that could add isolation is good. So removing the cable when you're not using the internet is fine: you reduce the exposure to attacks. It is also fine for integrity for the same reason. But it is terrible on availability. Network connectors are not intended to be plugged and unplugged too often, and you are likely to break the little piece that prevents the connector to get out of the plug on the littlest action. And in the end, chances are that you add network errors later.
IMHO, you can safely switch the router off, but do not attack it at the connectors level...
And anyway, Trey Blalock's answer already explained that the gain was not really important, so please keep away...
This is only a good protection against remote brute force attacks, where the attacker is trying to quickly and automatically guess common passwords to gain access. This can be more effectively thwarted by enabling rate limiting, both on the router and on any services that you have enabled inside the network, by choosing secure login mechanisms, such as key rather than password login for SSH, and strong, auto-generated passwords where necessary.
It is an ineffective protection against unpatched exploits. Most of these end up taking a very short time to run against a connected device because they bypass the authentication mechanism and avoid (or minimise) the necessity for brute force. There are several reports, for example, of old desktop computers connected directly to the internet being hacked within minutes. So you had better make sure the router always has the latest security patches installed. You should also ensure that the configuration interface can't be reached from the internet, if at all possible.
And as @ncd275 points out, it is useless against information disclosure by machines inside the network.
Your computer is still powered. Even when "off", CPU is powered and can perform any kind of instructions while fans and disks are not powered. A government agency (may it be NSA, MI6, Mossad...) may have injected a rootkit in your AC converter (source). The rootkit can istruct the CPU to perform operations on data available in RAM (which is still powered) and send them home.
The rootkit may also use webcam and microphone to detect human presence and spin the drives when no one is in the room.
Disconnecting the Ethernet cable does reduce the attack surface. But you must measure it properly.
When the computer is off, by knowing its MAC address, anyone with LAN access can turn it on by using wakeup-on-lan protocol and try to perform other malicious operations depending on your computer's security level and OS.
But how can WOL be used? Do you have free or weak-passworded wifi? Could your router forward a WOL packet to your LAN if crafted correctly?
The second might a yes to me, especially with a home router configured with its default settings (even if you changed your password).
Maybe but not really, however, it could reduce damage done elsewhere.
Sure, you're reducing attack surface with time constraints. For example:
But the most likely vector for getting malware is by visiting a site or opening malware from an email. And neither of these changes when you disconnect your computer. As another answer pointed out it won't prevent malware from communicating with their command server later. The fact you're considering disconnecting your computer shows it's not a service machine (DB server etc) but a user machine - the odds are definitely in favor of the interactive way of getting malware.
By disconnecting you may be reducing the damage the malware is able to do to others. Your machine wouldn't be able to participate in those or other activities that require the malware to be online: bruteforcing other machine's RDP, scanning other machines for vulnerable services, spreading copies to other machines...
Further - turning your machine off would not only cover the same cases as disconnecting it, but also activities the malware may not need connection for: mining bitcoins, reversing password hashes. And it's much more user-friendly with a button usually available for just that purpose.
Another paranoid thing to consider: unplug the cable box itself :)
To add my two cents: it depends.
Also, this sounds like the kind of process that could easily fail (i.e. you forget, fall asleep at the keyboard, or need to allow someone else to use the connection).
If you are chosing to unplug it when unused as opposed to making it resilient against attacks, then I think it is in fact a net negative.
If you are chosing to unplug it even though you have done all you can to make it resilient to attack, then that might be acceptable as a short-term stopgap measure while you figure out a more permanent solution.
But I don't think there is any case where removing ethernet cables is a good long-term solution.
Even if doing so would not generally cause other issues, it simply doesn't seem like a solid solution - it sounds like avoiding an issue rather than addressing it (I may very well be wrong).
A possibly more productive line of reasoning might involve considering what that router being compromised could lead to, and what counter-measures might apply.
I suspect your ISP modem is more likely to be compromised (e.g. ala mirai), which may or may not lead to your router also being compromised, but would in most cases be functionally equivalent - someone else potentially controls your routing and may be able to see unprotected traffic. So you sort of need to have a plan against that either way.
In that sense, unplugging the ISP modem might be more useful, but you remain exposed when it is plugged in - and I am not sure the reduction in attack surface (if restricting the amount of hours a device is online can be seen as reducing that) is really going to be effective. This is all the more so as ISP deploy large numbers of identical devices, so most likely, if your modem was 'seen' online, attackers would know what it would be vulnerable to - you just give them a bit less opportunity to launch the attacks that they know work against your ISP.
So if I was you, I would look into how having your network path compromised would affect you, and do something about that. It certainly doesn't hurt to keep an eye on your router's logging, notably, to (try and) detect signs of compromise, but I don't know that that is the primary risk I would be concerned about.
Assuming that you are an average home user, ask yourself what exactly it is that you are trying to protect yourself from.
There are two basic attack scenarios to your home PC. Your unplugging partially disables one of them. From there, you need to answer yourself if the hassle is worth the effect.
Firstly, you can be attacked by visiting a malicious site, or a benign site with malicious advertisement malware, or by receiving spam email with malware or any of a dozen other ways that basically attack you as you interact with the attack source. These kinds of attack are entirely unaffected by your nightly unplugging.
Secondly, an attacker can attack (most likely blindly) your IP or network range. His target can be your PC, or it can be the router itself. Your unplugging will work only against the attacks that target the PC, and only during the night.
My statistics professor said that when you don't have data even for a guess, assume even distribution. So your unplugging will work one third (8 of 24 hours) of the time, against 50% of direct attacks which are 50% of all attacks, for a total effectiveness of 8%. Of course that's not a precise number, it serves only to illustrate you what the magnitude of reduction of attack surface is.
With that in mind, I think you can decide for yourself.
I'd say to leave the poor cable alone. They are too fragile for what you propose.
And routers are not always friendly when they get power cycled.
I would propose that you just power off the modem when you want to be disconnected from the outside world.
