How to Prevent Hackers from Accessing Your Router Password
Q: How should I change my router password? What are the best practices for defending against router password attacks?
A: The two fundamental rules for protecting your router password are: always change the default password on a new router and only log into your router over secure and encrypted connections.
Hackers not only know all the default passwords for common routers on the market, but they also upload them to websites. If you think this isn’t their first step in attacking routers, go ahead and don’t change the default password to see what happens.
Also, of course, use strong passwords——no dictionary words, at least eight characters long, and include uppercase and lowercase letters and numbers. Additionally, make sure to use different passwords for different systems. If you use the same password across a network and it gets compromised, then what? The entire network will be under attack.
Regarding encrypted connections, only use protocols like SSH, which can create a secure router connection. Protocols and services like Telnet and TFTP lack encryption, making them easily vulnerable to attack. One downside is that some routers can allow user IDs and passwords to be transmitted in plain text, where they can be easily sniffed.
Cisco Router Password Protection
On the other hand, Cisco’s IOS has two methods for encrypting passwords in the configuration files stored on the router. Cisco can store passwords in configuration files in three ways: plain text, Vigenere cipher, and MD5 hash algorithm. The Vigenere cipher is a slightly weaker encryption algorithm than MD5, and unlike MD5, it is reversible, meaning it can be cracked.
Cisco routers have three commands for encrypting passwords: service password-encryption, enable password, and enable secret. The first method uses Vigenere encryption, while the other two use MD5 hash encryption. The enable secret command is a newer feature in Cisco routers and is stronger than enable password. The enable password command is maintained only for backward compatibility, while service password-encryption, though weaker, is still required for compatibility with some older network protocols.
These commands also allow passwords to be set and encrypted at different access privilege levels, depending on the permissions the administrator assigns to staff.
Router passwords should be protected using Cisco encryption commands whenever possible. There is extensive, detailed documentation on Cisco’s website. If you are using a different brand of router, stick to SSH or other encrypted connections.
銆怑ditor’s Picks銆?/p>