I started a company about 18 months ago, Secured by THEM. It’s a small company that I created to help small businesses be more secure on their networks. There are bigger business that do this but they are not targeted at small businesses.
It was shocking to me what I’ve discovered since I opened the business: Any company with a cable modem as their primary Internet access has it set up incorrectly. If you get your Internet connectivity from a cable company your cable modem is your first line of defense against Internet intrusion (being hacked). If it’s not configured correctly it leaves a gaping hole in which crackers can reach in and infect your machines.
Apparently the tech’s that install cable modems are taught to pull a cable into the house or office, attache the cable modem to it and power it up. If it boots and turns on the correct lights in the right order, it’s “good” and ready for the customer! Usually the cable person attached a computer to the device and if they can reach the cable companies web site they are done. If the cable modem has a standard default password like “password” the tech will change that some something random and write it on the side of the modem, but now a days, most new cable modems come from the factory with a random password assigned.
Little or no testing is done and little to no configuration at all. What makes this even worse is how little you can do to correct the situation especially if it’s a “business” installation, you’ll have a little more luck with a “home” installation.
If you are a business class user with many cable companies business class service you are out of luck you, can’t get the password and you can’t log in, the only thing you can do is buy a firewall and ask the cable company to bridge the modem to the firewall. (And of course setup the firewall correctly.) I’ve watched some of the folks do installs and they leave the modems as they come out of the box!
If it’s a home based business you have the password to the cable modem (it’s usually on the side or bottom of the device) so you can log in and correct some basic mistakes. But depending on the company and the cable modem you might be better off buying a firewall too.
Lets talk about what settings I consider to be critical:
- Firewall functions turned on and set to the highest settings that allow you to get work done. (Medium or High)
- Universal Plug and Play protocol (UPnP) turned off. The UPnP protocol “Internet Gateway Device” is not secure and can be used open your firewall up and make it easy to access machines in your network.
- Primary WiFi network security using WPA2 or better security turned on. WPA1 and WPA2 were cracked in September of 2017 and requires patches to be secure.
- WiFi Guest network turned on with WPA2 or better security turned on. Never leave WiFi access unprotected, never.
- If possible turn on 2 or 3 separate Guest networks, one for any device you own that leave the network and come back (phones and laptops) and one for Internet of Things (IoT) devices, friends and acquaintances” that ask for WiFi access.
- Coffee Shops can be places of infection.
- IoT devices in many many cases have little to no security and no security updates available. More security issues in 2018.
- Remote access turned off.
- Turn logging on, it’s normally turned off.
Settings I consider to be important but you might not, or might not have.
- Static IP addresses via the DHCP server for each computer on the network.
- MAC address lockdown on the DHCP server so that no computers can get an IP address on the network without being manually added.
- You might only have this for the WiFi connections, some devices limit MAC address lockdown to only WiFi.
- Remote logging of cable modem logs to a computer that can store them for a couple of weeks vs the usual couple of hours or a day.
This blog went a little longer then I expected, so I’ll pick up with my next blog showing how to secure a Motorola Cable modem. From there I’ll show setting up a Linux Firewall.
dmtechtalk 