Router security

Author	All Replies
norwegian Premium join:2005-02-15 Outback Reviews: ·WestNet Broadband	Router security Not sure where this will take me - call it curiosity. Which is the easiest to attack a router, the inside or the outside? I'm gathering to some extent the inside is the easiest of the 2 methods and understand/remember that great debate about hacking routers that has been posted or linked to about so much, I have a router that beeps and is going to be replaced under hardware failing; it made me wonder which is easiest? For the conversation, if you are hacked, if you are not, if there is a firmware bug, if there isn't; you know all the basic questions. Which would you or do you consider the most important.....ports open can be discussed; but what if it was locked down; all those on/off switches that obtains different answers and differing responses. They aren't bullet proof but they still are better with one than without, that I understand, but what ever is man made can be broken too. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
	to forum · permalink · 2012-09-25 07:39:14 ·
Link Logger Premium,MVM join:2001-03-29 Calgary, AB kudos:3	Given that most of the defenses are on the outside, easier to whack from the inside (ie you typically are defending from those evil bastards outside your network with a router). »El Cheapo Router Challenge Blake -- Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool
	to forum · permalink · 2012-09-25 07:46:29 ·
HELLFIRE join:2009-11-25 kudos:7	reply to norwegian said by norwegian: Which is the easiest to attack a router, the inside or the outside? Depends on how it's (mis)configured. Taking your average joe idiot box from the local electronics shop down the street, unless there's a glaring screwup in the firmware coding or remote admin (inadvertently) left open, you shouldn't be able to do anything. On the LAN side, however these things take a default "trust all" and as Link Logger points out, you've got a bigger and easier attack surface when attacking on that end. Regards
	to forum · permalink · 2012-09-27 00:05:57 ·

norwegian Premium join:2005-02-15 Outback Reviews: ·WestNet Broadband	quote: Depends on how it's (mis)configured. 1. I usually turn off: a) File sharing, UPNP. b) Remote admin. 2. Hide SSID and only show it to allow the connection to happen before hiding it, use WPA2 as well. 3. Have no ports forwarded (non gamer or similar). 4. Change the password. 5. Turn on the firewall. Some of the things I don't do but know I should: 1. Set specific NAT addresses, but then I do not link to an external server either. 2. Set specific MAC addresses. This is my first wireless set up too and still learning the curves. I think I've got the basics covered though. All of the internal devices I trust as they are my own in-house. But for one to get infected and also add into this issues relating to network protocol weaknesses; wondered if there is any more to do. All have A/V (Kaspersky) or Clam (Apple) and firewalls. Wireless is a shared key (WPA2 as mentioned) with good password strength, is there anything specific you need to aware of specifically there? I have also heard you are better running the wireless separate from the router itself to help avoid conflicts etc, but for the home environment it seems to be fine; even though general consensus here suggests moving to a commercial router than the standard home version for better security if funds are available too. I'm trying to weigh up how I should really set this house's network up and also a little check into what I need to make sure I tell others to keep them covered even though I may not always be around to help. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
	to forum · permalink · 2012-09-28 23:58:12 ·
siljaline I'm lovin' that double wide Premium join:2002-10-12 Montreal, QC kudos:17	reply to norwegian I have my Bell 2Wire configured to: WPA-PSK and WPA2-PSK, if this is of any help to you.
	to forum · permalink · 2012-09-29 21:24:08 ·
Juggernaut Irreverent or irrelevant? Premium join:2006-09-05 Kelowna, BC kudos:2	reply to norwegian Non-SSID is easily sniffed. MAC's are easily spoofed. Two common misperceptions that can be ignored. WPA2-AES, and a strong PW are the first steps. Hell, I leave my login name as admin. The rest is hardened. -- Better to have it and not need it, then need it and not have it.
	to forum · permalink · 2012-09-29 21:31:52 ·
norwegian Premium join:2005-02-15 Outback	reply to norwegian WPA is enabled. I guess my next question on MAC addressing, is there an easy way to scan locally to get a list of MAC's and so you have a list to cross reference all the hardware across the air as well as hardwired ?
	to forum · permalink · 2012-09-29 23:00:09 ·
norwegian Premium join:2005-02-15 Outback Reviews: ·WestNet Broadband	Never mind, this link was enough to make me go and dig around the router itself. This recent topic on ARP had me wondering and now I have numerous wireless and hard wired items, not just hardwired, thought It worth checking up on as near all routers are wireless off the shelf now. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
	to forum · permalink · 2012-09-29 23:11:53 ·
Juggernaut Irreverent or irrelevant? Premium join:2006-09-05 Kelowna, BC kudos:2	reply to norwegian All of the connected HW should be visible in your router interface. Wireless, and wired. If you have a guest network, don't forget to secure that as well. -- Better to have it and not need it, then need it and not have it.
	to forum · permalink · 2012-09-29 23:17:53 ·
antdude A Ninja Ant Premium,VIP join:2001-03-25 United State kudos:4 Reviews: ·RoadRunner Cable	reply to norwegian said by norwegian: WPA is enabled... I hope that's not the original weak WAP!
	to forum · permalink · 2012-09-29 23:39:03 ·
NormanS Premium,MVM join:2001-02-14 San Jose, CA kudos:9 Reviews: ·SONIC.NET ·Pacific Bell - SBC	said by antdude: said by norwegian: WPA is enabled... I hope that's not the original weak WAP! Wasn't the original weak security, "WEP"? -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
	to forum · permalink · 2012-09-30 15:18:01 ·
StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch kudos:2 Reviews: ·CenturyLink	said by NormanS: Wasn't the original weak security, "WEP"? Yup, although WAP might better a better acronym. WAP = Wide-open Access Point -- Don't feed trolls--it only makes them grow!
	to forum · permalink · 2012-09-30 15:23:57 ·
Shady Bimmer Premium join:2001-12-03 Northport, NY	said by StuartMW: said by NormanS: Wasn't the original weak security, "WEP"? Yup, although WAP might better a better acronym. WAP = Wide-open Access Point WAP = Wireless Access Point, and has nothing to do with security (It could also refer to Wireless Application Protocol in a slightly different context but still has nothing to do with security) WEP = Wired Equivalent Privacy, an original security protocol for wireless networks. Considered very weak. WPA = Wi-Fi Protected Access, the next-generation security protocol after WEP. WPA has been deemed weak against brute-force attacks. WPA2 = Wi-Fi Protected Access 2, the next generation security protocol after WPA.
	to forum · permalink · 2012-09-30 17:43:26 ·
Juggernaut Irreverent or irrelevant? Premium join:2006-09-05 Kelowna, BC kudos:2	Humour. You missed it.
	to forum · permalink · 2012-09-30 17:44:44 ·
StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch kudos:2	Yup, even the didn't make the point -- Don't feed trolls--it only makes them grow!
	to forum · permalink · 2012-09-30 17:45:39 ·
Shady Bimmer Premium join:2001-12-03 Northport, NY 1 edit	said by StuartMW: Yup, even the didn't make the point Except that WAP has nothing to do with security. WAP by itself is wide open already and does in fact equate to "wide open". That is well known and even explicitly stated so I'm not sure where the humor is. This is why there are so many recommendations to actually enable security, since wireless by itself has no security at all. Edit: BTW: WAP and WEP or WPA are not mutually exclusive. In fact unless a peer-peer ad-hoc network is used between two wireless clients, communiction is done with a WAP, and should use some form of security with that WAP, such as WEP, WPA, or WPA2. In other words, the majority of wireless clients will connect with some type of wireless access point (WAP), and may optionally use security such as WEP, WPA, or WPA2 to protect its communications with that WAP.
	to forum · permalink · 2012-09-30 17:57:44 ·
Juggernaut Irreverent or irrelevant? Premium join:2006-09-05 Kelowna, BC kudos:2	Missed it again. Are you an engineer, by chance?
	to forum · permalink · 2012-09-30 18:02:13 ·
Shady Bimmer Premium join:2001-12-03 Northport, NY	reply to Juggernaut Re: Router security said by Juggernaut: Missed it again. Are you an engineer, by chance? By its definition, a WAP is already "wide-open" unless some additional features are leveraged. Earlier, it was noted "I hope that's not the original weak WAP". WPA2 is done with a WAP. In that case a WAP is not "weak". WAP is not a protocol. It is the other end of a wireless connection. This is like saying fruit is not orange in color. . .Why is that funny?
	to forum · permalink · 2012-09-30 18:07:52 ·
StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch kudos:2 Reviews: ·CenturyLink	Ok. Let me try and explain. WEP is crackable in seconds. Most people know that. Crackable in seconds ==> Wide-open Thus using the original error (of WAP = WEP) by antdude above. WAP = Wide-open Access Point Get it? . o O (Got a live one here) -- Don't feed trolls--it only makes them grow!
	to forum · permalink · 2012-09-30 18:09:23 ·

Broadband Tech > Security > Security > Router security

Re: Router security