If you are having trouble viewing this email, click here to view this online



   ISSUE 9

23 April 2012

Article of the Month   Around the World

How to secure your home Router




There is a significant growth in Internet connected computers in modern society. Our society is reliant on this connectivity for various reasons where some of it may include social networking, checking mail, research work, business from home, school work, etc. To facilitate the connectivity to the Internet the Internet Service Providers (ISP) provide routers which most of the time are wireless routers. These wireless routers have become common household objects in our current society.

To make things easier for the end user these routers are provided with pre-configured settings and with less concern to security aspects. This may be done to make the ISPís work easier and also the end users are reluctant to spend time on advance settings to secure their router. 

Usually your Internet connected router is always on and with not so secured default settings. This leaves an opening for malicious attackers to invade your home or office network. The following steps will enhance the security of your router and will be useful to decrease the attack surface.  

Change the Default Login Username and Password:

The router comes with a default administrator user name and password from the manufacturer settings. These default usernames and passwords are readily available on the Internet and user instruction manuals.

As a precaution these user name and passwords should be immediately changed during the initial installation.

A strong password of 8 or more characters with a combination of letters numbers and symbols must be used and it is advisable to change it every month.

Turn Off the router When Not in Use

This is the strongest preventive method. While it may be impractical to frequently turn the devices off and on, at least consider doing so during extended periods of absence.

Limit WLAN Coverage

You WLAN has no physical boundaries there for if an attacker is residing within the range of the wireless signals your network is in danger. In the router configuration settings you can limit the coverage to only the areas needed by adjusting the signal strength.

Change the Default SSID

 A service Set Identifier (SSID) is a unique name that identifies a particular Wireless LAN (WLAN).  Donít use the default name , location or any personal references for the SSID as this will help the attacker to identify the device and plan to exploit the vulnerabilities associated with that device.  

Configure WPA2-AES for Data Confidentiality

Wireless Equivalent Privacy (WEP) is no longer a secure protocol as there has been some serious security flaws associated with it. Use WPA and WPA2 which provide strong authentication and encryption using dynamically changing keys. Use a long and complicated pre shared key if you are using WPA-PSK mode. 

Disable UPnP: Universal Plug and Play (UPnP)

This is a convenient feature that allows networked devices to seamlessly discover each other on the network and establish communication, is also a security hazard.  For example, malware within your network could use UPnP to open a hole in your router firewall to let intruders in.  Therefore UPnP should be disabled when not needed. 

Use Static IP Addresses or Limit DHCP Reserved Addresses if possible.

By configuring a suitable subnet network mask you can limit the number of computers which can connect to the wireless network 

Enable Router Firewall

Most home routers include an internal firewall feature.  Ensure this feature is activated and carefully configured to allow only authorized users and services access to the network.  

Use MAC address filtering

This feature on your router configuration will allow to white list the approved devices which can connect to the wireless network.

Kanishka Yapa, Sri Lanka CERT|CC


Global Payments: 1.5MM Cards ĎExportedí
Global Payments, the credit and debit card processor that disclosed a breach of its systems late Friday, said in a statement Sunday that the incident involved at least 1.5 million accounts. The news comes hours ahead of a...
London 2012 prepares for cyber-attacks 
By Charles Arthur |

'....When it comes to Olympics security, the chief information officer for London 2012 is quite clear: "We will get cyber-attacks, for sure. Previous Games have always been attacked, so we will be attacked. We are working with partners and government to make sure we have the right defences," Gerry Pennell said. Speaking in January 2011, he insisted it was "inevitable" that there would be attempts to bring the systems down...'

Boeing to Jump into the Mobile Phone Business
By  Stew Magnuson | 10 April 2012

'....The Boeing Co. is developing a mobile phone based on the Android operating system that will compete with other manufacturers offering highly secure communication devices, company officials said April 10...'

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in March 2012


  Fake + Harassment



Statistics - Sri Lanka CERT|CC



Microsoft to Release 6 Security Bulletins               

Tuesday, April 10, 2012


Microsoft has released an advance notification of security bulletins that will be released on April 10, 2012. The April cycle will see a total of six bulletins.

Title-Rise of "forever day" bugs in industrial systems threatens critical infrastructure
  By Dan Goodin

'....The number of security holes that remain unpatched in software used to control refineries, factories, and other critical infrastructure is growing. It's becoming so common that security researchers have coined the term "forever days" to refer to the unfixed vulnerabilities...'

  Notice Board
  Training and Awareness Programmes - March 2012  
Date Event Venue
- 2 Inauguration ceremony of "Web Patashala" Project Sugathadasa indoor stadium
- 2-16 Multimedia Content Development Programme Provincial ICT Center, Pannipitiya
- 19-23 Training programme for teacher in charges of "Connecting Classroom" Project
ICT Branch Laboratory , Ministry of Education

Brought to you by: