Securing Wi-Fi and ADSL Modems

This document gives home users and network administrators an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of ADSL and Wi-Fi modems.

A modified version of the Mirai worm, or other malicious software like it, which commandeered huge numbers of CCTV cameras and other Internet of Things (IoT) gear, is now scanning home routers for security vulnerabilities and either crashing or hijacking the devices. (Mirai is malware that turns networked devices running out-of-date versions of Linux into remotely controlled "bots" that can be used as part of a botnet in large-scale network attacks. Its primary targets include online consumer devices such as IP cameras and home routers.)

This upgraded malware, and similar software nasties, were likely behind some DDoS attacks on many countries (such as Germany and Ireland), carried out by attacking home routers on ports 7547, 5555 and some other ports. This appears to be a consequence of TR-069, a technical specification that defines an application-layer protocol for remote management of end-user devices, which typically makes TCP/IP port 7547 available. ISPs use this protocol to manage the modems on their network. However, on vulnerable boxes, a TR-064-compatible server is running behind that port and accepts TR-064 commands that configure the hardware without authentication. In this situation, attackers can manage the hijacked devices and use these routers to launch attacks.

Now if you are worried about the security of your Wi-Fi connection and your home ADSL router, follow these steps:

  •  Change the administrative credentials:

    Every router comes with a generic username and password. You should change them both.

  •  Change the Network Name:

    The service set identifier (SSID) is the name that's broadcast from your Wi-Fi to the outside world so people can find the network. You should change the SSID immediately.

  •  Activate Encryption:

    Turn on WPA2 Personal (it may show as WPA2-PSK) and set the encryption type to AES.

  •  Turn on Firewall:

    The router has a firewall built in that should protect your internal network against outside attacks. Activate it if it is not automatically turned on.

  •  Upgrade Router Firmware:

    Just as with your operating system, browsers and other software, attackers find security holes in routers to exploit all the time, so upgrade your router firmware.

  •  Turn off WPS:

    Wi-Fi Protected Setup (WPS) is the function by which devices can be easily paired with the router. Attackers can use this protocol to attack, so turn off WPS on your router.

  •  Filtering on MAC Addresses:

    Every single device that connects to a network has a media access control (MAC) address that serves as a unique ID. You can go into your router settings and manually type in the MAC addresses of only the devices you want to allow on the network.

  •  Do not Broadcast the Network Name:

    In the router settings for the SSID, check for a "visibility status" or "enable SSID broadcast" and turn it off. In the future, when someone wants to get on the Wi-Fi, you should tell them the SSID to type in.

  •  Closing unnecessary ports:

    You should close unnecessary ports on your router.

  •  Turn the network off when not in use
  •  Disable remote management:

    Disable this to keep intruders from establishing a connection with the router and its configuration through the wide area network (WAN) interface, for example on port 7547.

  •  Use a strong password

  •  Change the passwords periodically:

    You should change passwords every 30 to 90 days.

  •  And it is strongly recommended to use mutual authentication such as EAP-TTLS, EAP-TLS and PEAP.
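
To verify the "closing unnecessary ports" and "disable remote management" steps, the following Python script (an added example, not part of the original document) tests whether a router answers on the ports this document names, 7547 and 5555. The address 192.168.1.1 is an assumed default; to see what the WAN side exposes, run it from outside your network against your own public address.

```python
import socket
import sys

# Ports named in this document: 7547 (TR-069/TR-064) and 5555.
MANAGEMENT_PORTS = (7547, 5555)


def probe(host, port, timeout=2.0):
    """Classify one TCP port on your own router.

    'open'     - something accepted the connection (needs attention)
    'closed'   - the router actively refused the connection
    'filtered' - no answer within the timeout, or host unreachable
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-host errors
        return "filtered"


def exposed_ports(host, ports=MANAGEMENT_PORTS, timeout=2.0):
    """Return the subset of `ports` that accept connections on `host`."""
    return [p for p in ports if probe(host, p, timeout) == "open"]


if __name__ == "__main__":
    # Assumed default router address; pass your own as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    for port in MANAGEMENT_PORTS:
        print(f"{target}:{port} is {probe(target, port)}")
    found = exposed_ports(target)
    if found:
        print("Still reachable, disable remote management or close:", found)
    else:
        print("None of the checked management ports accept connections.")
```

A port reported as "open" after remote management has been disabled usually means the setting did not take effect or the firmware needs upgrading.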