Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is your router secure?


  • Please log in to reply
1 reply to this topic

#1 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,746 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:01:41 PM

Posted 19 April 2013 - 10:25 PM

Better hold off on answering that question just yet.

ISE, a security research company, has published a report detailing the ease with which they were able to compromise several popular SOHO routers.

I strongly recommend everyone read the following article.

http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

However, users should not immediately freak out. While possible, these attacks do carry with them some limitations. Without access to your local network there is not a known exploit which will compromise your router without your clicking on a malicious link or running a malicious file. Furthermore, only two models of routers (Belkin N300 and Belkin N900) can be attacked from the Internet without having login credentials to the router.

See the ISE report for which model routers are susceptible to which threats. The identity of five of the compromised models has not yet been released as patches have not yet been made available.

http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp

It is very important that router owners use WPA encryption on their networks (avoid WEP!) and ensure that the admin credentials on their router have been changed from their defaults. Additionally, be on the lookout for router vendors to be pushing firmware updates in the near future to address these concerns.

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


BC AdBot (Login to Remove)

 


#2 GT500Shlby

GT500Shlby

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 30 April 2013 - 02:29 PM

#1 - I do not agree or condone the use of an integrated wireless router. You have a router and then you have access points that are separate and if feasible, on a separate subnet.

 

#2 - Buying an older, _real_ router can be less expensive and better for your. For instance, I have a Sonicwall PRO 2040 that I got for free.

 

#3 - Disallow management from WLAN, External & VPN clients.

 

#4 - NEVER set the router as .1, Ever. I use .254 personally.

 

#5 - Never use 192.168.0.*, 192.168.1.*, 192.168.10.* or 10.0.10.* and some others I can't think of right now. I VPN into a lot of places, so it can cause conflicts, but for "Security through Obscurity". For Example - My X0 (Main LAN) GW is 10.203.10.254, my X2 (Main WLAN) GW is 10.203.20.254 & my X3 (M2M LAN [TV, TiVO, Printer, Etc) is 10.203.40.254. Obviously X1 is my WAN. Administration is SSL only and only on X0. My WAP is actually a Linksys EA4500 set to Bridge mode with a Static IP of 10.203.20.253.

 

#6 - Limit DHCP. Seriously, do you need 253 DHCP addresses? No. My X0 is on a 16-Port GbE Switch, so DHCP gives out 32 Addresses max. My X2 is more strict, giving out 10. and my X3 is all Static.

 

#7 - Strong Passwords! And no Password1 doesn't cut it. 8 character, at least 2 numbers, 2 characters, 2 Caps and no dictionary words. I.E.: Ue!7Bk4* is a strong password.Say you have WPA2-PSK AES on your router with Password1 as the wifi password. It would take a guy in a car with a laptop and BackTrack5 like 15 minutes to crack. Use the above password? Days, if not much, much longer.

 

#8 - If you MUST go to online warez, porn, gambling, etc sites? Do it on a virtual machine that you don't use to manage your router.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users