2

My home network used to be completely unsecured. I'm not sure if there was a firewall, though I did almost nothing through it. Last week I added a password to the Wifi connection, and yesterday I changed the router admin password.

If there had been any keyloggers or sniffers on the router previously, would new passwords have helped at all?

Birds
  • Does your router have a keyboard? – FMaz Jun 21 '17 at 01:59
  • The router itself, no. – Birds Jun 21 '17 at 02:20
  • If the firmware has been compromised, an attacker may be able to reverse any changes you've made. As it's hard to tell if that has happened, I'd recommend either getting a new router and setting it up securely from the start, or completely factory resetting your router and reinstalling the firmware. To answer the actual question: Having a WiFi and admin password certainly can't hurt, but don't assume that by setting them you are secure. EDIT: Check out this superb answer to a similar question: https://security.stackexchange.com/a/138419/126981 – JonRB Jun 21 '17 at 06:02
  • Oh never mind, I misread and thought you were scared someone installed a keylogger on your router :) – FMaz Jun 21 '17 at 06:03
  • You might as well close the barn door. It can't hurt. If you have a key logger then you are no worse off than you were before. But I certainly would do it. Plus, you never know when you might get another horse. – SDsolar Jul 24 '17 at 19:16
  • As for firewalls, you would know it if you have one. They are separate appliances that connect between the modem and the rest of your network, usually through a router, or using an internal router if the firewall has one. NAT (Network Address Translation) helps with security, but it certainly does not qualify as a real firewall. You can buy name-brand older firewalls for good prices now. Highly recommended so you can keep out unsolicited traffic from outside. – SDsolar Jul 24 '17 at 19:19

2 Answers

1

As always, it depends. The right mitigation depends on the situation. In your situation (home user), I'd say just overwrite the firmware with the latest original version and reconfigure everything with an administrative password in place.

Configuration

During configuration, consider things like "Strength of Wifi and administrative password? Is UPnP necessary? Or WPS? DMZ? Do I use WEP/WPA instead of WPA2? Set up a scoped Guest network? What Firewall options do I have?"

Back to basics

Make sure it's the original firmware you've downloaded (using a checksum check). That basically ensures that you have the original firmware running and not another version with a backdoor.

Risk (likelihood / impact)

Was it a router in a highly confidential area? Then, I'd calculate the risk based on the likelihood and impact (possible damage) and possibly consider throwing the router away and setting up a new one.

What's next?

Also keep in mind that not only the router here is the potential risk. Make sure you audit the configurations and scan all your devices in the network accordingly.

Bob Ortiz
0

The first thing most exploits do when they infect a system is install a backdoor which is independent of the target device's access management system. This gives the attacker their own separate access to the device to control it, so changing the admin password won't prevent them from accessing it.

If you have a reason to suspect that your router has been compromised then you'd need to completely wipe it and install firmware from a trusted source.

GdD