Protected Voices: Router Hardening
The FBI’s Protected Voices initiative provides cybersecurity recommendations to political campaigns on multiple topics, including router hardening, to help mitigate the risk of cyber influence operations targeting U.S. elections.
Did you know there is one device that all your traffic goes through? Your emails, your web surfing, your smart refrigerator—they all connect to the Internet through one device: your router.
Hi, I’m JR, a special agent with the FBI. I’m here to share some tips to make your Internet router more secure.
Your router may be a standalone device, or it may be a part of a modem provided by your Internet service provider. You might have more than one router in your campaign office or home. Protecting your router is just as important as protecting your computer. If your router is misconfigured or not properly patched, you have a weak link where bad actors could get into your networks.
First, let’s cover how to access your router’s settings. A common way to access your router’s settings is to enter the following IP address into your web browser’s address bar while your computer is connected to the router.
Then a login screen will appear in your web browser with your router’s manufacturer name.
Check your router’s user manual or the underside of your router for the default user name and password to log into your router.
Once you’ve logged in to your router, here’s how to adjust the settings to make your router more secure.
Change the router’s default password. The default password is often the word “password.” Other common default passwords are listed on the Internet where attackers can find them easily. So make your router’s password long and complex—and watch our video on passwords for further guidance.
Frequently check to see if updates are available for your router—if so, run the update. These updates patch security flaws and protect against known attacks.
Disable all remote access, including cloud-based router management. This means the only way to adjust your router’s settings is to be physically connected to your router.
Most devices connect to your router wirelessly, which means you also need to adjust your wireless settings. This will help protect data that’s communicated through your router without a hard line or cable. Here’s what to adjust on your wireless settings:
Your encryption level might be WEP, WPA, or WPA2. You should only be using WPA2, as that’s far more secure. If WPA2 is not an option, it’s time for a new router.
Look at the name of your Wi-Fi network, also called the SSID. Try not to associate your network name with the campaign.
Don’t put your name or your candidate’s name or your campaign’s name on the name of the network.
Don’t put a physical address like “office 201” on the network name.
Don’t put the brand of your router in the network name.
Don’t choose a common network name, or your device might try to automatically join a different network with the same common name while you’re out and about. A related point: When you’re not at the campaign office, turn off Wi-Fi on your mobile devices, unless you’re sure you want to connect to another Wi-Fi network away from the office. Check our video about VPNs for more guidance on this issue.
Create a guest network with a different password, and limit what information can be accessed on the guest network. Make sure even your guest network uses WPA2 encryption.
You might be asking, is all of this really necessary? Where’s the threat? In May 2018, the FBI published a memorandum about advanced persistent threat actors using malware to target routers. If your router was infected with this malware, then here’s what might have happened:
Bad actors could watch your Internet traffic and see or steal your sensitive data.
Bad actors could send a simple command to your router and permanently disable it.
Bad actors could use your router to launch a network attack on another device.
Your router is an integral piece of your network and potentially a single point of compromise for your entire network. The tips we’ve discussed will make your router safer and will make it harder for bad actors to compromise your information.
Remember, your voice matters, so protect it.
- 03.20.2019 — FBI Marks 20 Years of Training at ‘Body Farm’
- 03.20.2019 — FBI Training at the ‘Body Farm’ (360º)
- 03.20.2019 — Training at Human Remains Recovery Course
- 03.13.2019 — Their Voices: Remembering 9/11
- 03.13.2019 — FBI Agents and Analysts Tour 9/11 Memorial & Museum
- 03.11.2019 — Portland Teen Academy
- 03.06.2019 — Director Discusses FBI Approach to Cyber Threats at RSA Conference
- 03.03.2019 — Former FBI Director William Webster Helps Foil Scam
- 02.27.2019 — FBI Seeking Owners in Cultural Artifacts Case
- 01.30.2019 — Partners in Prevention: Vehicle Rentals and Vehicle Ramming
- 01.24.2019 — Video Message to Employees from Director Wray
- 01.19.2019 — Robbery, BP Gas Station, Henrico County, Virginia
- 12.21.2018 — Memorial Held for Victims of Pan Am 103 Bombing
- 12.14.2018 — Trailer: Remembering Pan Am 103: 30 Years Later
- 12.14.2018 — Remembering Pan Am Flight 103: Kara Weipz
- 12.14.2018 — Remembering Pan Am Flight 103: The 'Laundry Ladies'
- 12.14.2018 — Remembering Pan Am Flight 103: Kathryn Turman
- 12.14.2018 — Remembering Pan Am Flight 103: Carole Johnson
- 12.14.2018 — Remembering Pan Am Flight 103: Tom McCullough
- 12.14.2018 — Remembering Pan Am Flight 103: 30 Years Later