Your router is the gateway to your network, which makes it a target for hackers. In just 15 minutes and four easy steps, Jimmy Ray Purser shows you how to significantly increase the security on your router and keep your company's network safe.
Sometimes I just want to catch a fish. I don't care what kind it is until I catch it. I'll hook into that dude and feel the excitement rush through my veins like a cold wind blasting between Chicago buildings in February. Then I reach down and get it and it's an old sorry white drum. Man, disappointed, like getting a pair of socks for Christmas. Back to the bait shop to buy more effective lures.
This is kind of what routers end up being on some of our networks. There is the excitement of connecting a network to the home office or the Internet, and then they become the shelves we store dust on while the firewalls and intrusion prevention systems get all the attention. Of course, the servers get jealous, and they crash or dump the core to steal attention away from the well-deserving networking gear, but what can you expect from dork servers?
The Front Gate to Your Network
I do a presentation in the field called "15 Minutes." I explain to people that by taking an extra 15 minutes per router, they can increase their router security by a factor of 10. The trick to this is showing people what a hacked router can mean to their business. The router is most likely the front gate to your network. Just like any front gate, looking at the gate tells me a lot about what is behind it. An address, name, security camera, lock: All tell me a lot before I break the law. Remember the hacker who broke into NASA's network in 15 minutes? What was not told in the media was that he spent eight weeks gathering information and reconnoitering the network before that.
Routers are supervaluable targets for hackers today. Consider that many routers have limited monitoring beyond a simple rule: if it is passing packets, it works; if it isn't, it's broken. I was at a customer site, and it was fit to be tied about how slow the network was performing at times. After I looked at the router configuration, I noticed that a hacker had set up a generic routing encapsulation (GRE) tunnel from the company's site to the Ukraine, where the traffic was captured and duplicated before getting forwarded to the Internet. The IT staff was fired within days. The loss was huge, and the hack was simple. Uncoolski, comrade.
What can you do in 15 minutes to keep from being the next new account on Resumebuilder.com? Here are four tips I recommend for network admins to make the router more than just an access control list parser.
Tip 00x01
Googledorking. I use Word for Mac to write this type of article. I can tell if an attack is new when Word doesn't put a red line under it. Googledorking is one of those words and methods, for that matter. Searching Google for open routers is like trying to have fun shopping for shoes with your wife; it's kinda tough. We get a ton of manuals, white papers, and advertisements. We have to use Google operators to make the search work for us. Since Cisco routers don't have a .cfg extension by default, we need to get creative by using operators like:
inurl: -cfg intext:"enable password" allinurl:"/level/15" exec
For bonus points, I like to also search for Multi Router Traffic Grapher (MRTG) config files to shortcut the footprinting phase. I look for those with operators like:
inurl:mrtg intext:Cisco intext:public
You can avoid this by not enabling the Web interface, Telnet, Cisco Discovery Protocol, Trivial File Transfer Protocol (TFTP), or Simple Network Management Protocol (SNMP) v1/2 on the outside interface. If you find your device using Google, you can go to the Google services page and remove the link yourself. Just remember to actually change your configuration so it will not be indexed again.
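The services this tip says to keep off the outside interface, plus an unexpected tunnel like the one in the customer story, can be checked offline against a saved configuration. The following is an added example, not code from the article or from Cisco; the sample config, the finding names, and the `sections`/`audit` helpers are constructed for illustration, and it assumes a vty line with no `transport input` statement may still accept Telnet.

```python
import re
# Constructed sample config for illustration; not from a real device.
SAMPLE = """\
enable password cisco123
ip http server
snmp-server community public RO
tftp-server flash:image.bin
interface GigabitEthernet0/0
interface Tunnel0
 tunnel destination 198.51.100.7
line vty 0 4
 transport input telnet ssh
"""

PREFIX_CHECKS = {  # top-level command prefix -> finding code (names are this example's)
    "enable password": "enable-password",            # string the first search matches
    "ip http server": "http-server",
    "tftp-server": "tftp-server",
    "snmp-server community": "snmp-v1v2-community",  # community strings are v1/v2c
}

def sections(text):
    """Split an IOS config into {top-level line: [indented child lines]}."""
    out, head = {"": []}, ""
    for line in text.splitlines():
        if line.startswith(" "):
            out[head].append(line.strip())
        elif line.strip() and line.strip() != "!":
            head = line.strip()
            out.setdefault(head, [])
    return out

def audit(text, outside_if, approved_tunnels=()):
    """Return sorted finding codes for the exposures the article lists."""
    sec = sections(text)
    found = {c for p, c in PREFIX_CHECKS.items() if any(h.startswith(p) for h in sec)}
    # CDP is on by default: flag unless disabled globally or on the outside port.
    if "no cdp run" not in sec and "no cdp enable" not in sec.get("interface " + outside_if, []):
        found.add("cdp-outside")
    for head, body in sec.items():
        if head.startswith("line vty"):
            # Assumption: with no 'transport input' line, Telnet may be allowed.
            t = [l for l in body if l.startswith("transport input")]
            if not t or re.search(r"\b(telnet|all)\b", t[-1]):
                found.add("telnet-vty")
        m = re.match(r"interface (Tunnel\d+)$", head)
        if m and m.group(1) not in approved_tunnels:
            found.add("unapproved-tunnel:" + m.group(1))
    return sorted(found)
```

Run it on a saved copy of the running configuration with the name of the Internet-facing interface; any tunnel not listed in `approved_tunnels` is reported so it can be traced to a change record.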