Smart Devices are the Target
On October 21st a domain provider, Dyn, was cyber-attacked. Services such as Twitter, Reddit, PSN, and much more, were down for several hours. Targeted vulnerable internet devices such as home routers and cameras were used as the means for the shutdown, and with proper security measures, it could have been prevented. A DDoS attack overloads servers by maximizing the network traffic through internet devices, therefore creating a distributed denial of service (DDoS).
First and foremost, every device should be password protected. Typically, the default password is too easy to guess, therefore a unique one must be created. Routers have multiple encryption settings and the recommended trusted type is WPA2.
Older hardware can be updated to newer firmware containing security patches, decreasing its vulnerability to attack. Often times, it is a good idea to replace outdated hardware. Lastly, any device connected to a network that is no longer in use should be taken off that network.
Why This is Bad
Cyber attacks on home routers and the internet of things (IoT) devices can cause a slow-down at an internet service provider (ISP) such as domain hosting servers at Dyn.
Routers and modems provided by an ISPs are notorious for flaws in security. It is not recommended to trust an ISP to keep these secure. Aftermarket routers are more robust and even have stronger wireless range.
Internet attacks on home devices are showing that it is possible to cripple the web infrastructure. These attacks are likely to happen more and more.
Here are some tips to secure a router:
1. Change your router admin username and password. A quick search gives away all the default administrator username and passwords. It’s basically not protected whatsoever with the default settings.
2. Change the network name. A service set identifier (SSID) is the broadcast name of a wireless access point. The default ones usually give away the device manufacturer or ID.
3. Get encrypted. Wireless security — This is the strongest method to keep intruders out. Any key at all can prevent local hackers from getting in the network. WPA2 Personal is a good encryption or shown as WPA2-PSK. Avoid using WEP.