Reader Scott Adler wrote recently to tell me about an interesting article on cable/DSL router security. I found it interesting that the mainstream computer media, in this case an article at CNET News.com, was warning people to change the default password on their cable and DSL routers.
For a long time, my security recommendations for wired and wireless routers have included changing the password on the router from the default to one of your choice.
What’s the default password for a router? It’s the password that you have to enter to edit the router settings. Many users use their router’s default password to set up the router initially. Then, they forget all about changing the password — or they worry that they won’t remember it so they decide not to change it.
Why is it important to change the router’s password? You should change the password because it’s one more door that can be locked to protect your computer and your Internet computing.
Here’s a scenario: You’ve heard of the adware and spyware programs that can get installed by your web browser, especially ActiveX ones when you (or your kids) run Internet Explorer. But often the item installed is a "downloader" that then calls home to download whatever the bad guy wants to have installed.
What about web browsers? Can an ActiveX or JavaScript program do the same thing? Maybe. Actually, that’s what the CNET article was warning about…
Sometimes this is a remote control program. If someone has remote control of your computer, they can go from it to your router, log in with the default password, and then mess up your connection. That’s the mild vandalism effect.
But, what if the bad guy wanted to route you to HIS search engine instead of Google — or his fake bank site instead of a real bank site?
That’s right, your router gets the DNS information (the translation of name-based web addresses to IP addresses, for example, www.google.com to 216.239.37.99) from your ISP. But your computer gets its DNS info through the router — or sometimes, VIA the router. Some router settings cause the connected computers to simply pass the DNS request upstream to the router, instead of sending it through the router to the ISP’s domain name servers.
So, what happens if the bad guy can “poison” the routing information in the router? What happens if he points your router to HIS domain name servers, which redefine the bank, Google, PayPal and other sites to his fake sites?
Can your antivirus program, antiadware, antispyware, antitrojan, firewall or similar program find the problem? No, the problem isn’t on your computer, so it’s not going to find it.
He’s got you.
If you have a cable router, if you have a DSL router, change your router’s password.