Security: Harden DSL Routers and Networks against attacks

Last days there was a high count of news about the Bot Attacks against T-Com Telekom Router devices. To understand the behavior about this up comming security problems you should know following points :

  • Every network supported device can be a goal for a attack ( Routers, Modems, PC, Fridges,IP-TV, IP Switches, IP-Cams…)
  • You have to update the OS for each device monthly, if not supported by the manufacter, then dont buy!
  • Try to get Opensource Hardware with Opensource Software for full access (ssh / console) to have full control
  • Reduce the count of devices who are connected direct to the web!
  • If you must use a ISP Modem / DSL Router of your ISP Provider, then install a second Opensource Router with Firewall behind for more security
  • Use small Firewalls to seperate WIFI and LAN Networks!
  • DISABLE if possible „auto update“ and „ISP Remote Control“ at the DSL Router / Modem cause more and more comfort functions are hacked to break the systems.
  • Updates must be tested on non productive Routers!
  • Keep clean backups of fresh installed Routers / Modems and restore the backup every 3 month to overwrite bad possible changes!!
  • Connect the Routers to a clocktimer to unplug and hard reboot the Router every night! (againts RAM Hacks)
  • Control every month the Router logs and ISP-Settings ( IP-Phones) cause hackers want to route calls to asia!
  • Dont trust blind every commercial hardware! much bugs like open doors, default passwords are set!
  • Test your System with free tools like „nmap“ Portscan and „iftop“
  • Change Passwords, WIFI Passwords, Wifi-IDs! min. 12 signs

Openwrt: Turn older Router into Wifi Accesspoint Repeater Extender Solar Powered

At the Summer Time you need perhaps a Wifi Extender for your Garden??

Solution:

  • TP Link 841/N (low power/Battery 9V/Solar /Type-N-allows external planar Antennas!!), 3600+4300 (USB-NAS/CIFS/SFTP/Classroom Library with USB Strorage)
  • Openwrt 15.XX Calmer as OS with Firewall, Webinterface and REALTIME Monitor for Traffic and Connections!
  • Easy Setup, replace the OS by the TP-Link-Updater, reboot and Login to Openwrt
  • You got professional Options!
  • works as Firewall, Extender, Repeater, WIFI-to-WIFI Bridge, LAN-to-WIFI Bridge, NTP-Server, DNS/DHCP Server
  • can isolate connected WIFI Clients
  • can handle different WIFI SSIDs / Networks on same Hardware
  • modded Hardware can be used with 5Volts of Power! (841 removed Resistor)
  • runs Freifunk OS for Public Free WIFI Guestnet (without Password Login and VPN to Public Internet Gateways for anonymous Web Access)
  • free security updates, backup and restore of settings!
  • free support by published Wikis, many Manuals on Internet and of course by me
  • free Download od the Sofware at openwrt.org

freifunk