Adds Protection from Router CSRF Attack

Alicia Sykes 2020-07-29 12:57:21 +01:00 committed by GitHub
parent 3b1a83a19b
commit 19ff6a4ccb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -233,6 +233,7 @@ This section covers how you connect your devices to the internet securely, inclu
**Secure DNS** | Optional | Use [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) which performs DNS resolution via the HTTPS protocol, encrypting data between you and your DNS resolver. Although DoH is [not perfect](https://www.netsparker.com/blog/web-security/pros-cons-dns-over-https/), it does remove the need for trust - see [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help) for more details
**Avoid the free router from your ISP** | Optional | Typically theyre manufactured cheaply in bulk in China, with insecure propriety firmware that doesn't recieve regular security updates. Consider an open source router (such as [Turris MOX](https://www.turris.cz/en/mox/overview/)) or a comercial router with [secure firmware](/5_Privacy_Respecting_Software.md#router-firmware)
**Whitelist MAC Addresses** | Optional | You can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials. Note that a malicious actor may be able to bypass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step
**Change the Routers Local IP Address** | Optional | It is possible for a malicious script in your web browser, to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them (known as [CSRF Attack](https://decoded.avast.io/threatintel/router-exploit-kits-an-overview-of-routercsrf-attacks-and-dns-hijacking-in-brazil/)). Updating your routers local IP address, so that it is not the default (usually 192.168.0.1 or [similar](https://www.softwaretestinghelp.com/default-router-ip-address-list/)), can help protect you from some of these automated attacks
**Don't Reveal Personal Info in SSID** | Optional | You should update your network name, choosing an SSID that does not identify you, include your flat number / address, and does not specify the device brand/ model. It may be beneficial to avoid something very unique, as services like [Wigle](https://www.wigle.net/)'s WiFi map can link an SSID directly back to your home address. This may also slightly aid in deterring an opportunistic attacker, as it indicates the router is being conscientiously administered. See, [how to update SSID](https://www.lifewire.com/change-the-wifi-name-ssid-on-a-router-818337)
**Opt-Out Router Listings** | Optional | WiFi SSIDs is scanned, logged and then published on various websites (such as [Wiggle WiFi SSID Map](https://www.wigle.net/)), which is a serious privacy concern for some. You can [opt-out of many of these listings](https://www.ghacks.net/2014/10/29/add-_nomap-to-your-routers-ssid-to-have-it-ignored-by-google-and-mozilla/), by adding `_nomap` to the end of your SSID (WiFi network name)
**Hide your SSID** | Optional | Your routers Service Set Identifier is simply the network name. If it is not visible, it may receive less abuse. However understand that finding hidden networks is a [trivial task](https://www.acrylicwifi.com/en/blog/hidden-ssid-wifi-how-to-know-name-of-network-without-ssid/) (e.g. with [Kismet](https://www.kismetwireless.net/)). See, [how to hide SSID](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655)
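Review bot: in the new **Change the Routers Local IP Address** row, the attack described (a script running in the visitor's browser sending requests to the router's LAN address) is cross-site request forgery, which the row itself names as a CSRF attack; the phrase "exploit a cross site scripting vulnerability" conflates it with XSS. Suggest: "It is possible for a malicious script in your web browser to send forged requests to known-vulnerable routers at their local IP address and tamper with them (known as a cross-site request forgery, or [CSRF Attack](https://decoded.avast.io/threatintel/router-exploit-kits-an-overview-of-routercsrf-attacks-and-dns-hijacking-in-brazil/))". The row title "Change the Routers Local IP Address" and the text "your routers local IP address" both need an apostrophe ("Router's"), matching the style of the neighbouring "Don't Reveal Personal Info in SSID" row. The hedge "some of these automated attacks" is correct and worth making explicit: a non-default address only defeats scripts that hard-code one default gateway, not one that tries the whole list linked from the row, so readers should not treat this as a substitute for the router's other controls.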