# Introduction to Business Router Security Notebook

This notebook is aimed at people looking to learn about tools they can use to secure their network environment. It's designed to introduce people to a wide range of tools they can use for any purposes they need.

# Prerequisites

You'll need to have Python 3+ installed. You can download it here if you don't already have it installed:

https://www.python.org/downloads/

Also, this tutorial will be much easier on a Linux or Mac machine.

# Step 1: Basic Configuration

The easiest steps for securing your network environment are also some of the most effective. By taking a few simple, non-technical steps, you can secure your network against the majority of low-effort attacks.

## Secure your devices

Make sure that your router is located in a secure location. In addition to preventing patrons from accidentally disrupting service, securing your routers ensures no one can insert any devices or exploit a feature like WPS (if you choose to enable it).

In addition, make sure that any sensitive devices (such as registers, business computers, iPads, etc.) are protected by strong passwords.


## Changing default credentials

If you've never logged into your router before, the first step is going to be accessing your router, and updating your credentials.

#### Changing default credentials is the most important security measure you can take.

In order to change your credentials, you first need to access your router's admin page. If you have physical access to your router, the default IP address and login credentials may be printed on the label. While the specific address of your router may vary, this tutorial will largely be using the address 192.168.1.1.

You may run the script below to scan for your router IP. If it can't automatically find your IP, try including your router brand, or looking it up on this website: https://proprivacy.com/guides/default-router-login-details

In [67]:
import subprocess
import re

# Put your router brand here (OPTIONAL)
router_brand = ""

# Regular expression matching a dotted IPv4 address
p = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')

# Keywords to look for in the ARP table entries
keywords = ["router"]
if router_brand != "":
    keywords.append(router_brand.lower())

# Run arp directly (no shell) and filter the output in Python, so the
# brand string is never interpreted as part of a shell command
arp_results = subprocess.check_output(["arp", "-a"]).decode("utf-8").split("\n")
for result in arp_results:
    # Skip entries that mention neither "router" nor the brand
    if not any(k in result.lower() for k in keywords):
        continue
    adr = p.findall(result)
    if len(adr) == 1:
        print("Your router IP address is likely: " + str(adr[0]))



Your router IP address is likely: 192.168.1.1


To access your router, try opening a browser tab and entering the IP address above. You should arrive at a login page. If you haven't changed your default login credentials, then try logging in with the credentials found at the website above.

Navigate to your router's settings page. There will likely be an "Administration" or "System" tab, from where you should be able to create a new login password. Create a strong password, consisting of at least 8 characters, that doesn't contain personal information or phrases easily associated with the business or yourself.

## Configure public and private WiFi

While you likely already have a public WiFi for guests, it is important to also have a private network, protected by a different WiFi password, for use by the business. Any sensitive information should pass through this separate, private network. Sensitive information may include accounting, emailing, internet connected payment devices, VoIP, or any other business information.

Configuration will vary by router model and manufacturer. However, it will likely be done through the same web browser interface used above.

Make sure that you use WPA2 security for both the public and private networks. Additionally, use a strong, hard to guess password for your private network. By isolating your private and public networks, an easy to share and guess public password won't expose your private information.

## Update your firmware

Updating your router's firmware is very important, especially if it is an older device or has not been updated in a long time. Updating may fix old bugs, improve performance, or add additional features to your router. Most importantly, however, updates contain security patches that are vital to the health and wellbeing of your network.

From your router administration page, you should be able to select a firmware tab. While details will vary by router, most common routers support firmware updates through the web browser, so you only need to click a button. Others may require you to download the latest firmware from the manufacturer's website.

## Services and Features

By default, many routers have many unneeded services, features, or settings enabled. While some are harmless or useful, others provide attack surfaces on your network, both locally and through the internet. Conversely, other important safety features are occasionally left off.

The first service you should take a closer look at is your firewall. It is generally recommended to enable this feature, as your firewall is the first line of defense between your network and the wider internet. Enabling your firewall will likely be done through your router's webpage, on a dedicated tab. Each network may have its own unique networking needs, but most businesses can get by using the default firewall configuration, which will block most incoming traffic.



Additionally, specific services can be disabled to make your router less of a target. If you don't need any of the following services, consider turning them off in your router's settings.

- ssh (especially WAN access)
- UPnP
- router admin web access (for WAN)


# Step 2: Additional testing

While the actions taken in step 1 go a long way towards protecting your network environment, there are additional tests you can run to further protect your business and environment.

## Installing Tools

We will use the tools below to scan your wireless environment.

- routersploit: Contains a scanner that automatically checks your router for common vulnerabilities.
- netdisco: Scans your network and returns information about hardware on your network.

The code below will automatically install all of these tools. If you don't want to use a tool or if a tool won't install on your platform, change the corresponding variable below to False.

In [None]:
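# Change these variables to False if you don't want to install the tool
routersploit = True
netdisco = True

import subprocess
import sys

def install_routersploit():
    # Clone the repository next to this notebook
    subprocess.run(["git", "clone", "https://www.github.com/threat9/routersploit", "routersploit"], check=True)
    # Install the requirements from inside the clone. A separate "cd" command
    # does not carry over to the next command, so pass the directory as cwd.
    subprocess.run([sys.executable, "-m", "pip", "install", "-r", "requirements.txt"],
                   cwd="routersploit", check=True)
    print("Installed routersploit")

def install_netdisco():
    # Install into the same Python environment that runs this notebook
    subprocess.run([sys.executable, "-m", "pip", "install", "netdisco"], check=True)
    print("Installed netdisco")

if routersploit:
    install_routersploit()

if netdisco:
    install_netdisco()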
    

## Scanning your network for devices

One useful technique is learning information about the devices connected to your network. You can determine how many devices are on your network, examine specific devices for security issues, or learn more about all devices.



### ARP Scan

An ARP scan gives you basic information about some devices connected to your network. It's useful for finding out how many devices are on your network or for getting a list of IP addresses of devices on your network.

Run the code cell below. This will run `arp -a` in your computer's shell, giving you a list of some devices connected to your network.

In [68]:
import subprocess

arp_results = subprocess.check_output("arp -a", shell=True).decode("utf-8").split("\n")
for result in arp_results:
    print(result)

router.asus.com (192.168.1.1) at 4c:ed:fb:7c:69:f8 on en0 ifscope [ethernet]
chriss-ipad (192.168.1.6) at 8:e6:89:87:60:ab on en0 ifscope [ethernet]
homeserver (192.168.1.251) at 70:85:c2:ae:5a:d2 on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]



Each line looks like this:

`[device name] ([device local IP address]) at [device MAC address] on [connection information]`

- `device name` tells you a name assigned to that device. This probably tells you the name of that device, but if lots of devices are on the network, this can be inaccurate.
- `device local IP address` gives you the address this device uses to communicate on your network. You can use this in later sections to learn more information about this device.
- `device MAC address` gives you a unique identifier for the device, but this isn't too useful for this guide.
- `connection information` gives you network interface information that isn't too useful for this guide.

Generally, you can use an ARP scan to get a list of IPs on your network. In the next section, you can use this information to scan a specific IP address to learn more about that device.
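
The line format described above can be turned into structured records that are easy to compare between runs. This is an added example, not part of the original notebook: it parses the sample output shown above, plus two constructed lines (a Linux-style entry and an unresolved entry), pads MAC addresses to a consistent form, and drops multicast entries that are not real devices. The function names `parse_arp` and `normalize_mac` are hypothetical.

```python
import re

# Constructed sample: the `arp -a` lines from the output above (macOS format),
# plus one Linux-style line and one unresolved entry to show the other shapes.
SAMPLE_ARP = """\
router.asus.com (192.168.1.1) at 4c:ed:fb:7c:69:f8 on en0 ifscope [ethernet]
chriss-ipad (192.168.1.6) at 8:e6:89:87:60:ab on en0 ifscope [ethernet]
homeserver (192.168.1.251) at 70:85:c2:ae:5a:d2 on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
? (192.168.1.40) at aa:bb:cc:dd:ee:f0 [ether] on wlan0
? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]
"""

# name (ip) at mac [optional hardware type] on interface ...
ARP_LINE = re.compile(
    r"^(?P<name>\S+) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>\S+)"
    r"(?: \[\w+\])? on (?P<iface>\S+)"
)

def normalize_mac(mac):
    """Return aa:bb:cc:dd:ee:ff form, or None if this is not a MAC address.
    macOS drops leading zeros (8:e6:...), so pad every octet to two digits."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        return None
    return ":".join(p.zfill(2) for p in parts)

def parse_arp(text):
    """Parse `arp -a` output into a list of unicast device records."""
    devices = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue
        mac = normalize_mac(m.group("mac"))
        if mac is None:                 # "(incomplete)": no reply from that IP
            continue
        if int(mac[:2], 16) & 1:        # multicast/broadcast, not a device
            continue
        name = None if m.group("name") == "?" else m.group("name")
        devices.append({"name": name, "ip": m.group("ip"),
                        "mac": mac, "iface": m.group("iface")})
    return devices

if __name__ == "__main__":
    for d in parse_arp(SAMPLE_ARP):
        print(d["ip"], d["mac"], d["name"] or "(no name)", d["iface"])
```

To use it on live data, pass the decoded output of `arp -a` to `parse_arp` instead of `SAMPLE_ARP`.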

### nmap Scan

Devices on your network may have open network ports. An open port provides a gateway for other devices to communicate with that device.

Generally, you only want to open a port if it's necessary. Unnecessary open ports can provide ways for hackers to steal information from devices on your network.

`nmap` is a tool you can use to scan a specific device on your network to see which ports are open on it.

#### Fast Scan

The below code checks for commonly opened ports on the IP `192.168.1.1`, which is probably your router. Feel free to modify the `ip` variable to scan different devices.

In [None]:
ip = "192.168.1.1"  # Should look like "192.168.XXX.XXX"

import subprocess

# Pass the arguments as a list (no shell), so the ip value is only ever
# treated as an nmap argument
nmap_results = subprocess.check_output(["nmap", "-F", ip]).decode("utf-8").split("\n")
for result in nmap_results:
    print(result)

The scan gives a list of open ports:

`PORT                        STATE            SERVICE`  
`[port number]/[protocol]    [port state]     [port purpose]`

- `port number` indicates the number of the port, from `1-65535`, that is being described.
- `port state` usually indicates if the port is `open` or `closed` to traffic.
- `port purpose` indicates the type of traffic that port usually handles. For instance, port 80 handles HTTP (regular Internet) traffic, while port 443 handles HTTPS (secure Internet) traffic.

#### Scanning a specific port

The below code scans the IP `192.168.1.1` to see which ports in the range `1-4096` are open. Again, feel free to modify the variables to scan different devices or ports.

In [17]:
ip = "192.168.1.1"  # Should look like "192.168.XXX.XXX"
port = "1-4096"     # Should be a number from 1-65535 (e.g. "443"), or a range of numbers (e.g. "1-1024").

import subprocess

# Pass the arguments as a list (no shell), so ip and port are only ever
# treated as nmap arguments
nmap_results = subprocess.check_output(["nmap", "-p", port, ip]).decode("utf-8").split("\n")
for result in nmap_results:
    print(result)

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-09 16:23 CDT
Nmap scan report for router.asus.com (192.168.1.1)
Host is up (0.10s latency).
Not shown: 4087 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
515/tcp  open  printer
1990/tcp open  stun-p1
3394/tcp open  d2k-tapestry2
3838/tcp open  sos

Nmap done: 1 IP address (1 host up) scanned in 33.27 seconds
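
The port table above can be checked automatically against the ports you expect to be open. This is an added example, not part of the original notebook: it parses the sample nmap output shown above and lists every open port outside an expected set, here 53, 80 and 443, the ports this notebook later names as the ones a router normally needs. The names `parse_ports`, `unexpected_open_ports` and `EXPECTED_PORTS` are hypothetical.

```python
import re

# Constructed sample: the nmap output shown above, copied verbatim.
SAMPLE_NMAP = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-09 16:23 CDT
Nmap scan report for router.asus.com (192.168.1.1)
Host is up (0.10s latency).
Not shown: 4087 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
515/tcp  open  printer
1990/tcp open  stun-p1
3394/tcp open  d2k-tapestry2
3838/tcp open  sos

Nmap done: 1 IP address (1 host up) scanned in 33.27 seconds
"""

# Ports this notebook says a router normally needs; adjust for your own setup.
EXPECTED_PORTS = {53, 80, 443}

# One row of the PORT / STATE / SERVICE table, e.g. "22/tcp   open  ssh"
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s*(\S*)")

def parse_ports(nmap_text):
    """Return one dict per row of nmap's port table."""
    rows = []
    for line in nmap_text.splitlines():
        m = PORT_ROW.match(line)
        if m:
            rows.append({"port": int(m.group(1)), "proto": m.group(2),
                         "state": m.group(3), "service": m.group(4)})
    return rows

def unexpected_open_ports(nmap_text, expected=EXPECTED_PORTS):
    """Open ports that are not on the expected list and deserve a closer look."""
    return [r for r in parse_ports(nmap_text)
            if r["state"] == "open" and r["port"] not in expected]

if __name__ == "__main__":
    for r in unexpected_open_ports(SAMPLE_NMAP):
        print(f'{r["port"]}/{r["proto"]} ({r["service"]}) is open: is it needed?')
```

On the sample router this flags ssh (22), the file and printer sharing ports (139, 445, 515) and three higher ports, which are the services to review in the router's settings.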



### netdisco Scan

An ARP scan gives you basic information about all of the devices on your network, while an nmap scan gives you information about open ports on a specific device. Another tool, `netdisco`, gives you hardware information about certain devices. This is useful for finding the IP of devices you know some hardware information about, like a Chromecast or a Smart TV.

Run the code block below to run the `netdisco` scan.

In [None]:
import subprocess

netdisco_results = subprocess.check_output("python3 -m netdisco", shell=True).decode("utf-8").split("\n")
for result in netdisco_results:
    print(result)

You can see the information includes details like the device name and serial number, which can be useful for identifying a specific device on your network. It also describes some network information, like open ports and UPnP information.

# Scanning for vulnerabilities: routersploit

Over time, people discover vulnerabilities in routers that can be exploited. These are usually patched in newer routers, but old routers that haven't been updated in a while are more vulnerable.

There are a wide variety of vulnerabilities that can be found in routers, making it difficult to check for all of them. The routersploit tool contains an automated scanner you can use to check your router against a database of vulnerabilities. This makes it easy to run a broad range of tests against your router to check its security.

routersploit must be installed for this section to work.

1. Open a new terminal in the routersploit folder. If routersploit was installed automatically in the "Installing Tools" section, it will be in the same directory as this notebook.
2. Run "`python3 rsf.py`". The routersploit interface will load.
3. Type "`use scanners/autopwn`". This loads the autopwn scanner for vulnerabilities.
4. Type "`set target 192.168.1.1`" to target the scan at IP `192.168.1.1`. Feel free to change the IP to target a different device.
5. Type "`run`" to run the scan. Autopwn will run a wide variety of checks and list the results of each test.

If the device is vulnerable to an exploit, routersploit will output a list of vulnerabilities, each with a green `[+]` symbol in front of it. Depending on the type of exploit that your router is vulnerable to, you should consider multiple options:

- Mentions default credentials: The credentials to log in to the router's administrator page were either never changed, or are easy to guess. Check the section on changing this login information to change this.
- Mentions open ports: Consider if you really need that port to be open. Generally, you shouldn't need to open ports besides 53, 80, and 443, unless you have a special setup.
- Mentions specific software version: Update your router's firmware. Outdated firmware may contain bugs or exploits. Security patches provide additional security, and updates may provide improved performance or additional features.
- Mentions specific router model: You may need a new router. As time goes on, people discover and publish exploits in routers, so older routers are more vulnerable.
