In past article, I’ve stressed the importance of having a NAT router between your PC and the Internet (by the way, any router you buy for consumer use is a NAT router, so you don’t have to tell the salesperson at Best Buy or wherever that you need a “NAT” router; just tell them you want a router and you’ll be fine). While that is without question the first, most important security step, it alone is not enough. The router itself is a weak point unless you have it properly configured.
All routers come with a default username and password. These defaults are well known and published on the Web. Three of the more widely-used consumer routers, Linksys, D-Link, and Netgear, have recently been shown to be vulnerable to a certain web page attack. Go to the wrong site and if your router has the default password, the attacker can change its settings to send you wherever they want you to go. You’ll think you’re looking at your bank’s login page, but it’ll be a fake look-alike that steals your account information as soon as you log in. Not good. This is another essential step to take to insure you’re not inviting attackers into your network. I leave you with a Computer Security Maxim:
Always change the default username and password of any configurable device you put on your home network.