These devices are easy prey for hackers
Sometimes a home router can look like an open door through which some of our information leaks. Cyber security organization experts discuss how we can find out whether our devices are vulnerable.
First of all, it’s important to start by implementing basic security measures to protect our router. Keeping the firmware updated, changing the default password, and disabling remote management are the key steps. It is also important to make sure that you have not configured any custom firewall settings that needlessly put your network at risk. If you have configured port forwarding for games on a laptop, for example, make sure that this has been done as safely as possible. Using firewall rules that allow only the minimum necessary communication is the key. When troubleshooting a problem, it can be tempting to simply set up a rule that allows everything. Going back and looking through the firewall rules can sometimes reveal a mistake that you hadn’t noticed before.
But what happens if you want to check the open ports from the outside? This is an important check, because it is easy to overlook something when browsing the router’s configuration web pages. An external audit is required to ensure that there are no open ports. According to cyber security organization experts, there are three main ways to achieve this:
- Shodan
- Online port scanners
- Nmap
Shodan is a great tool. Its admins are dedicated to constantly scanning the Internet, including routers. The results are placed in a search engine that allows anyone to search for details about devices, their ports and the server software running on them. As anyone can access this information, hackers also pay attention to Shodan and have their own information-scanning tools. In fact, this makes Shodan safer, because you can see what is exposed on your router without having to run your own scanner. Browsing Shodan can be fascinating, as it is tempting to see how many devices without security can be accessed.
To find your home router in Shodan, the first thing you will need is the external IP address of your router. There are many websites that can give you this information. Some search engines, like Google and Bing, will show it to you if you simply enter “What’s my IP address” in the search box. Then you only need to go to Shodan and search for that IP address. If you do not get any results, your router may not have shown any open ports during the last scan. If you get some results, pay attention to the “Last Update” section. The IP address of your home router can change periodically, which is a disadvantage of using Shodan on your household network. If the scan shows a recent timestamp, the results are more likely to be accurate.
But what if the most recent Shodan scan was a while ago and you recently made a router configuration change that you want to audit? If you don’t have Shodan’s paid version, which allows for on-demand scanning, there are other ways to do so. One of them is to use an online port scanner. If you enter “online port scanner” in a search engine, you will find some free tools that will allow you to scan your router for open ports.
However, if you want full control of your router’s scan, you’ll have to do it yourself. The good news is that it’s not that hard. To do so, you can use a powerful free tool called Nmap. This tool runs on Windows, Unix-like systems and Mac. After downloading Nmap, it is recommended to look for an online tutorial to get familiar with the tool. You can also run the command “nmap --help” to get a quick help page.
Nmap options that may be useful for scanning your home router include “-p-” (without quotes), which scans all ports, and “-Pn”, which skips the ping check so that Nmap scans the target even if ping is blocked. Cyber security organization experts from the International Institute of Cyber Security recommend that, before entering any command, the user be sure to fully understand what the command does.
Using Nmap on your home router in this way will require you to have a way to scan from the outside. There are some ways to do this. One of them would be to go to someone else’s house to scan the IP address of your home router. Another way is to simply scan from your home using a computer that is connected to a VPN service. The outgoing traffic will be channeled through the VPN, so the Internet service provider cannot see where the traffic comes from or confuse it with malicious traffic. Because you are connected to the VPN, you can scan your router as if you were located outside the network.
If you discover open ports on your router, it could be difficult to identify which ones present a risk and which don’t. An example of a risky configuration would be the remote administration function accidentally left on, causing ports 80, 8080 or 443 to be open. You can find many lists of common port number usage online, and those lists can definitely help simplify the process of figuring out why a particular port is open.
Many tools such as Nmap or Shodan, which are often mistaken for hacking tools, were actually developed by cyber security organization researchers for legitimate auditing and evaluation purposes. If you learn how to use these tools carefully, you can identify incorrect configurations in a local infrastructure and establish better security measures on your network.
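As an added example (not part of the original article), the shell functions below run the full-port scan with the options discussed above and filter Nmap's grepable output for open ports, marking 80, 8080 and 443 for a remote-administration check. The function names and the sample scan output are constructed for illustration, and 203.0.113.10 is a documentation-range placeholder for your own router's external IP.

```shell
# Scan your own router's external IP (run from outside, e.g. over a VPN).
#   -p-   : scan all TCP ports (lowercase p)
#   -Pn   : skip the ping check and scan even if ping is blocked
#   -oG - : write grepable output to stdout
scan_router() {
    nmap -Pn -p- -oG - "$1"
}

# Constructed sample of grepable output, so the parser can be tried offline.
sample_scan_output() {
    printf 'Host: 203.0.113.10 ()\tStatus: Up\n'
    printf 'Host: 203.0.113.10 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///, 27015/open/tcp/////\tIgnored State: closed (65531)\n'
}

# Read grepable output on stdin and print one line per OPEN port:
#   <port>/<proto> <service> <note>
# Ports 80, 8080 and 443 are marked, since remote administration left on
# is a common reason for them to be open on a home router.
open_ports_report() {
    awk -F'\t' '
    {
        for (k = 1; k <= NF; k++) {
            if ($k !~ /^Ports: /) continue
            # Entries look like port/state/proto/owner/service/rpc/version/
            n = split(substr($k, 8), entries, /, */)
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                if (f[2] != "open") continue
                svc = (f[5] == "") ? "unknown" : f[5]
                note = "review"
                if (f[1] == "80" || f[1] == "8080" || f[1] == "443")
                    note = "CHECK-REMOTE-ADMIN"
                print f[1] "/" f[3], svc, note
            }
        }
    }'
}

# Offline demonstration on the constructed sample.
sample_scan_output | open_ports_report
# Real use, against your own address only:
#   scan_router 203.0.113.10 | open_ports_report
```

Every port in the report should correspond to something you set up deliberately, such as a port forward; anything marked CHECK-REMOTE-ADMIN is a reason to revisit the router's remote management setting.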
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.