Definition
A router is a device that connects our home to the internet and often also provides a Wi-Fi network. Many people have a router at home, but very few know exactly what tasks it actually performs. For many people who do not have an IT background, it may come as a surprise that the router has many more functions than just connecting to the Internet.
The router serves as the central interface between the home network and the Internet. It acts as an intermediary between different networks and is mainly responsible for forwarding data packets in a targeted manner, whether to the Internet or within the internal network. The provision of a WLAN is merely an additional function that makes it possible to connect devices wirelessly to the network.
Example
Let's take an example: You are at home and connect to the WLAN on your cell phone. With this step, you have created the possibility to communicate with other people via your cell phone.
Now other family members also connect to the same WLAN. This means that the whole family is on the same network, also known as the internal network.
If you now want to send a message to your family members via your cell phone, the message is sent to your router and the router forwards it to the recipients. The sending process is exactly the same if you want to communicate with people outside your network.
Attack scenarios
Now that we've covered what routers are and how they work, let's look at how criminals can attack routers from the outside.
It is very easy to configure a router via a web interface. You simply have to enter your login details and can make any settings you like.
If the router is new, a default user name and a default password are saved for the first login. This login data should be changed immediately. Unfortunately, very few people do this.
And this is a major weak point: if an attacker knows these default login details, e.g. because they have spied them out using spyware, they can log in to your router and change settings.
Another point of attack is the firmware installed in the router. It may contain vulnerabilities that can be exploited by an attacker. This allows them to get into your router and monitor your network traffic, for example.
Another attack scenario is a DoS attack. In this case, the router is flooded with huge numbers of requests. The aim is to reduce the performance of the router to such an extent that it can only respond to other requests very slowly or not at all - or in the worst case even crashes.
A variation of the DoS attack is the DDoS attack. In this case, the requests are not only sent from one computer, but from a large number of computers. A botnet can also be used for a DDoS attack. For more information about botnets, please read the article "Malware: What is it?".
Recommendations for protecting your router
Finally, here are some recommendations on how to protect your router:
As described in the attacks above, the default login details should be changed. You should also use a strong password that is not easy to guess.
Also, the WLAN name should not contain any information about the device, as such information can be used to carry out targeted attacks on the router.
Another recommendation is to set up a guest WLAN. This way, visitors have their own network area and cannot reach resources in the other network area. This means, for example, that a guest cannot infect the main network with malware, but only the guest network.
