Your ADSL Broadband modem is your high speed gateway to the Internet. It is also your first line of defence against attack, so it should be secured. Isn't it already? NO. The vast majority of home and small business modems are being operated by their owners, thinking that it is secure and it ain't!
Imagine that every new model of a Toyota, Holden, or Ford Car built, was sold with the same set of keys. You would all be jumping up and down complaining. Anyone could have instant access to your new car. Hey, that's just crazy! Yes it is.
And yet every model of broadband ADSL modem is sent from the factory with the same user name and password, plus the supplied username and password is generally admin and admin, or admin and password. Now that's just crazy. Why? Because all a hacker has to do is detect what model modem you have, and they're into your network or computer. In actual fact, they don't even need to know what model, because different manufacturers use the same generic password. Plus most service providers may only supply a couple of different models of a particular brand, so If they find out which ISP you're using, they pretty well know what the password for your broadband modem will be.
This modem security issue could easily have been avoided by modem manufacturers generating a unique User Name & Password for every modem and sticking it under the modem, or in the supplied booklet! You would still be able to change it later.
Well, what can you do? Change the factory supplied username and password! The modem will be supplied with a small paper manual, or there will be a manual on the installation CD. Look for the item that refers to manual access, or manual set up, and follow the instructions for changing your username & password. If you're going to change this password, create one of those real random ones that everybody hates to try and remember. Don't use birthdays, pet names, 1234, or something simple. You have to make it complicated. Hackers have sophisticated tools that can crack simple passwords in seconds. So make is random, use some upper-case letters, numbers and symbols. Also, make it at least 12 characters or longer if possible. You don't need to remember it, stick it under the modem, or in a special password book. Some models will only allow you to change the password, but not the user name.
(This is important, the password and user name we want you to change is not the user name, (generally your email address) and password you have been supplied with by your ISP for accessing the Internet. This password and user name are also in the broadband modem. If you're seeing these entries, you're in the wrong place. Leave these entries alone, or you will lose access to the Internet!)
Another item to check while you're in there, is that your modem firewall it turned on. A firewall is a defense system built into modem, that monitors what systems are allowed to have access to and from the Internet. Think of it like a security guard on a building, watching who or what is allowed to enter or leave the building. It is a very big part of your Internet security and must be on a standard or high setting. If you set a firewall setting too high, you may lose Internet access. Consult your modem manual. If it is not on, you have probably already been hacked! I have come across seven ADSL modems in the last fortnight that had been hacked, and their firewalls had been turned off.
This means the hacker can not only have complete access to all your connected computers, but also potential to redirect you, or your staff, to malicious or counterfeit sites which look like your bank, but are not! They can also redirect traffic through your Internet account. This traffic can be lots of spam, virus attacks, terrorist or hacker communications. The hackers just love this because they can send all this malicious stuff anonymously. It's going through your Internet account so it is difficult to track.
Why would anyone want to do this to my computer? These days the hackers can make big money out of it. Crime gangs pay them good money to pilfer credit card information, bank user names and passwords, or send spam etc. It used to be just sport. "I can do this to poor unsuspecting saps". But now they can make good money doing what they enjoy. Isn't that everyone's dream! The IT industry just makes it easy for them.
© 2007 Peter Daley
Disclaimer: This is an amateur volunteer run service. Human error can provide incorrect information, and equipment malfunction can produce false readings. Do not rely on, or take action upon information presented on this web site or at SCCC activities, without further research. Views expressed in the pages, images, or tutorials on the SCCC Inc., web site or presented at venues, maybe the personal opinions of the relevant writers or presenters, and are not necessarily representative of those of SCCC Inc.