Video-Demo-Tour

Ask us


I agree to the terms of the Privacy policy
I agree with the provisions on data protection. I agree that Protelion will process the personal data provided by me electronically for the processing of my request and contact me, according to my explicit request, for the processing of my request. I can revoke my consent at any time with effect for the future.

Your request was sent successfully.
We’ll answer you as soon as possible.

OK

Home

/
 ... / 

Resources

/
 ... / 

Blog

/
 ... / 
Router Security

Router Security

24.10.2024

A router is a network device that allows that is responsible for taking the best route for the traffic of data packets between two devices that belong usually to different networks.

The basic task of a router, operating on Layer 3 (network) of the OSI model, is to process the source and destination information of the data packets it handles and, based on this information, send them to the next router or directly to the end device if necessary.

Each router is responsible for deciding the next hop of the data packet, by using algorithms capable of determining the best route to follow as it flows from a sender to a receiver.

A very general classical comparison between the most commonly used network interconnection devices: hub, switch and router, could be summarized as follows: the first sends data packets to all connected devices, the second only sends them to the destination device, while the third allows them to be sent outside the local network. 

Although the operation of routers is very similar to that of Layer 3 switches, since both allow packet routing, the fundamental difference lies in the fact that, in general, Layer 3 switches serve as a link between several LAN (local networks), while routers link LAN networks with WAN (Internet).

On the other hand, a typical router today, in addition to assuming the functions of a switch, includes, among others, a network address translator (NAT), a dynamic network address server (DHCP), and a hardware-based security mechanism (firewall) to protect the internal LAN from any malicious intervention from the Internet.

Components of a Router

A router consists generally of internal and external components. Basic internal components include:

  • CPU: central processor unit that executes the instructions for the operation of the device.
  • Power supply: connection to the electrical power source, necessary for its operation.
  • ROM memory: permanently stores diagnostic codes and router startup instructions.
  • RAM memory: exchange center for the data processed during operation.
  • FLASH memory: the place where the router's operating system is stored.

The most important external components are:

  • WAN connector: access to the wide area network, i.e. Internet. Usually, it is a telephone network access, or a fiber optic connection, etc.
  • LAN connector: connectors for the physical network connections, and there are usually two or more of them.
  • Wi-Fi antenna: antennas allow the wireless connection of different devices.
  • LED indicators: they are used to show the router status (on, off, active connection etc.).

Routing and Routing Table

Routing is a key feature of routers because it allows data packets to travel from one device to another until they reach their destination. Each intermediate device performs the routing by passing the packet to the next one, and in each case, it involves determining the best route.

A router's decision to forward data packets is based on the analysis of its routing table, in this sense, it takes into consideration the recipient of the packets: to itself, to a local device (on its own network), or to a remote one (located outside its network).

A Routing Table is a file used to store the routing data in remote and/ or directly connected networks; in other words, it contains network or next-hop associations.

Routers provide additional route information, such as how it was discovered, how long it has been in the table, and which specific interface should be used to reach a predefined destination.

To determine the best route, the router searches its routing table for a network address that matches the destination IP of the data packet. In this sense, it is possible to make the following conclusions:

  • Directly connected network: if the destination IP address of the packet belongs to a device on a network that is directly connected to one of the router's physical network interfaces, the packet is forwarded directly to the destination device.
  • Remote network: if the destination IP address of the packet belongs to a remote network, the packet is forwarded to another router. Remote networks can only be reached by forwarding packets to another network.
  • No route determined: if the destination IP address of the packet does not belong to a connected or remote network, the router determines whether a gateway of last resort (also known as default) is available. If a default route exists, the packet is forwarded, otherwise it is discarded.

Best Route

The determination of the best path to send data packets is a decision made by the router, based on the evaluation of several identified routes to the destination network. When this occurs, each route uses a different outgoing physical interface on the router to reach the target device.

The best path is chosen based on the value or metric used to determine the distance to the destination network. A metric is a quantitative value, which is used to measure the distance between the router and the target network, therefore, the best path will be the route with the lowest metric.

Some metrics taken into account to choose the best route are the total number of hops to the destination network, the bandwidth consumed, the delay in the delivery of data packets, reliability, etc.

Routing: Static and/ or Dynamic

In order to build the routing table of a router, routes can be implemented statically or dynamically.

Static routes are manually configured by the network administrator, and define an explicit path between two devices. They are easy to implement in small networks, and generally remain unchanged. They use less bandwidth, as the router does not use any processing cycles to calculate and communicate routes, which increases the efficiency of network resources.

However, they are not updated automatically, and must be manually reconfigured if the network topology is changed or the size of the network is increased, which is their main disadvantage.

On the other hand, routers can also use dynamic routing to share information about the status and connectivity of remote networks, and thus build their routing table automatically.

Dynamic routing performs well in any type of network consisting of several routers. They are scalable and automatically determine the best routes if topology is changed. It is best used for large networks, and requires higher resource consumption for its operation.

Instead of relying on manually configured static routes to remote networks on each router, dynamic routing allows new networks to be discovered automatically through other routers. These networks and the best route to each are added to the routing table, and are identified as dynamically discovered networks.

Router Security

In a network, in general, routers are the connection point between the different internal devices (LAN) and the rest of the digital world (Internet), so they must be properly configured to maximize security, and to be able to stop or prevent any attack carried out through the network.

It is possible to point out some basic tasks to improve the security of a router:

  • Update the firmware: The router has a set of operating and configuration instructions stored in its internal memory (firmware). Firmware updates are quite stable and therefore infrequent, however, it is recommended to install them (if available from the manufacturer of the model), to avoid vulnerabilities discovered over time.
  • Change the default login: The easiest way to access the router is through a web interface via its access IP address (usually 192.168.0.1, 192.168.1.1 or similar). Typically, almost all routers of the same make or model have a default username/password to facilitate initial access. This information is public knowledge, and is usually as simple as: admin/admin. That is why it is necessary to change at least the password as soon as possible, to prevent unauthorized access to the router and thus control of the entire network.
  • Set a secure Wi-Fi password: Just like the router access password, it is essential to set or change the default password for accessing the wireless Wi-Fi network of most of today's home routers. It is necessary to establish WPA2 encryption for the wireless connection, with passwords as strong as possible.
  • Change or hide the SSID: The Service Set IDentifier (SSID) is a name included in all packets of a wireless network. Composed of alphanumeric characters, the default name usually reveals the model and manufacturer of the router, which is not recommended to reveal, especially if the default access has not been changed. In addition to changing the name, another option is to hide it, to prevent it from being shown to other devices as a wireless network.
  • Disable remote access to the router: In most cases, it is not necessary to access the router remotely (for example from the Internet). This can become a serious security problem, exploited by malicious third parties. It is recommended to deactivate this functionality.
  • Manage MAC addresses: Each device that can connect to a network is assigned its own unique identifier in the form of a MAC address. This manufacturing ID cannot be changed and thus facilitates accurate control of the devices that can (or cannot) access a network. Most routers offer a MAC address filtering function, and it is possible to block specific devices, or create a list of only those that are allowed to connect.

In general, with simple, well-configured settings, it is possible to significantly improve router security and strengthen the barrier to data exchange between a LAN's internal devices and the outside world of the Internet.

Router Security.jpg

Blog

Wireless Connection Security - WiFi
25.11.2024
In the technology world, the term WiFi (an acronym for Wireless Fidelity) is synonymous with wireless access in general, although it is a specific trademark owned by the WiFi Alliance, a group dedicated to certifying that WiFi products comply with the 802.11 set of wireless standards of the IEEE (Institute of Electrical and Electronics Engineers), a worldwide association of engineers dedicated to standardization and development in technical areas.
Cybersecurity Common Nouns: A guide for learning the basics (Part 1)
18.11.2024
Cybersecurity is a vast and complex field, but certain terms and concepts stand at the core throughout all aspects. These “common nouns” in cybersecurity are essential elements that professionals and enthusiasts alike should understand to better navigate and safeguard against digital threats.
Why Secure Mobile Communication is Crucial for Critical Infrastructure and Defense Sectors
15.10.2024
In today's hyper-connected world, secure mobile communication is not a luxury but a necessity, especially for high-risk industries like critical infrastructure and defense. These sectors handle sensitive, classified, and mission-critical information that, if compromised, could result in catastrophic consequences.