

norwegian
Premium
join:2005-02-15
Outback

1 recommendation

Router security

Not sure where this will take me - call it curiosity.
Which is the easiest to attack a router, the inside or the outside?

I'm gathering to some extent the inside is the easiest of the 2 methods and understand/remember that great debate about hacking routers that has been posted or linked to about so much, I have a router that beeps and is going to be replaced under hardware failing; it made me wonder which is easiest?

For the conversation, if you are hacked, if you are not, if there is a firmware bug, if there isn't; you know all the basic questions. Which would you or do you consider the most important.....ports open can be discussed; but what if it was locked down; all those on/off switches that obtains different answers and differing responses.

They aren't bulletproof but they still are better with one than without, that I understand, but whatever is man made can be broken too.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

2 recommendations

Given that most of the defenses are on the outside, easier to whack from the inside (ie you typically are defending from those evil bastards outside your network with a router).

»El Cheapo Router Challenge

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to norwegian

said by norwegian:

Which is the easiest to attack a router, the inside or the outside?

Depends on how it's (mis)configured.

Taking your average joe idiot box from the local electronics shop down the street, unless there's a glaring screwup in the firmware coding or remote admin (inadvertently) left open, you shouldn't be able to do anything. On the LAN side, however these things take a default "trust all" and as Link Logger points out, you've got a bigger and easier attack surface when attacking on that end.

Regards


norwegian
Premium
join:2005-02-15
Outback

1 recommendation

quote:
Depends on how it's (mis)configured.
1. I usually turn off:
a) File sharing, UPNP.
b) Remote admin.
2. Hide SSID and only show it to allow the connection to happen before hiding it, use WPA2 as well.
3. Have no ports forwarded (non gamer or similar).
4. Change the password.
5. Turn on the firewall.

Some of the things I don't do but know I should:
1. Set specific NAT addresses, but then I do not link to an external server either.
2. Set specific MAC addresses.

This is my first wireless set up too and still learning the curves.
I think I've got the basics covered though. All of the internal devices I trust as they are my own in-house.

But for one to get infected and also add into this issues relating to network protocol weaknesses; wondered if there is any more to do. All have A/V (Kaspersky) or Clam (Apple) and firewalls.

Wireless is a shared key (WPA2 as mentioned) with good password strength, is there anything specific you need to be aware of specifically there?

I have also heard you are better running the wireless separate from the router itself to help avoid conflicts etc, but for the home environment it seems to be fine; even though general consensus here suggests moving to a commercial router than the standard home version for better security if funds are available too.

I'm trying to weigh up how I should really set this house's network up and also a little check into what I need to make sure I tell others to keep them covered even though I may not always be around to help.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to norwegian

I have my Bell 2Wire configured to: WPA-PSK and WPA2-PSK, if this is of any help to you.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

1 recommendation

reply to norwegian

Non-SSID is easily sniffed. MAC's are easily spoofed. Two common misperceptions that can be ignored.

WPA2-AES, and a strong PW are the first steps. Hell, I leave my login name as admin. The rest is hardened.
--
Better to have it and not need it, then need it and not have it.



norwegian
Premium
join:2005-02-15
Outback
reply to norwegian

WPA is enabled.

I guess my next question on MAC addressing, is there an easy way to scan locally to get a list of MAC's and so you have a list to cross reference all the hardware across the air as well as hardwired ?



norwegian
Premium
join:2005-02-15
Outback

Never mind, this link was enough to make me go and dig around the router itself.

This recent topic on ARP had me wondering and now I have numerous wireless and hard wired items, not just hardwired, thought it worth checking up on as near all routers are wireless off the shelf now.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to norwegian

All of the connected HW should be visible in your router interface. Wireless, and wired.

If you have a guest network, don't forget to secure that as well.
--
Better to have it and not need it, then need it and not have it.
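
For the cross-referencing question above, one way to compare the MAC addresses seen on the LAN against a list of known hardware. This is an added example, not part of any post in the thread; the inventory and the sample neighbour table (in the format printed by Linux `ip neigh show`) are constructed, and the function names are hypothetical.

```python
import re

# Constructed inventory of owned devices (MAC -> label); not real hardware.
KNOWN = {
    "00:11:22:33:44:55": "desktop (wired)",
    "a4:5e:60:aa:bb:cc": "laptop (wireless)",
}

# Constructed sample in the format of `ip neigh show`.
SAMPLE = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.11 dev wlan0 lladdr A4:5E:60:AA:BB:CC STALE
192.168.1.23 dev wlan0 lladdr 3a:7f:10:de:ad:01 REACHABLE
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.40 dev eth0  FAILED
"""

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_neighbors(text):
    """Yield (ip, mac) for every entry that has a resolved link-layer address."""
    for line in text.splitlines():
        tok = line.split()
        if "lladdr" not in tok[:-1]:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        mac = tok[tok.index("lladdr") + 1].lower()
        if MAC_RE.fullmatch(mac):
            yield tok[0], mac

def is_locally_administered(mac):
    # Bit 1 of the first octet set: not a vendor-assigned address
    # (randomised or hand-set MAC).
    return bool(int(mac[:2], 16) & 0x02)

def audit(text, known):
    """Return MACs missing from the inventory and MACs answering for several IPs."""
    by_mac = {}
    for ip, mac in parse_neighbors(text):
        by_mac.setdefault(mac, []).append(ip)
    report = {"unknown": [], "multi_ip": []}
    for mac, ips in sorted(by_mac.items()):
        if mac not in known:
            report["unknown"].append((mac, ips, is_locally_administered(mac)))
        if len(ips) > 1:  # worth a look when one of the IPs is the gateway
            report["multi_ip"].append((mac, ips))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, KNOWN))
```

Because MAC addresses can be spoofed, as noted earlier in the thread, a clean report is an inventory check and not proof that every device is the one it claims to be.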



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to norwegian

said by norwegian:

WPA is enabled...

I hope that's not the original weak WAP!


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by antdude:

said by norwegian:

WPA is enabled...

I hope that's not the original weak WAP!

Wasn't the original weak security, "WEP"?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by NormanS:

Wasn't the original weak security, "WEP"?

Yup, although WAP might be a better acronym. WAP = Wide-open Access Point
--
Don't feed trolls--it only makes them grow!

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS

said by StuartMW:

said by NormanS:

Wasn't the original weak security, "WEP"?

Yup, although WAP might be a better acronym. WAP = Wide-open Access Point

WAP = Wireless Access Point, and has nothing to do with security (It could also refer to Wireless Application Protocol in a slightly different context but still has nothing to do with security)
WEP = Wired Equivalent Privacy, an original security protocol for wireless networks. Considered very weak.
WPA = Wi-Fi Protected Access, the next-generation security protocol after WEP. WPA has been deemed weak against brute-force attacks.
WPA2 = Wi-Fi Protected Access 2, the next generation security protocol after WPA.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

1 recommendation

Humour. You missed it.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Yup, even the didn't make the point
--
Don't feed trolls--it only makes them grow!


Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS

1 edit

said by StuartMW:

Yup, even the didn't make the point

Except that WAP has nothing to do with security. WAP by itself is wide open already and does in fact equate to "wide open". That is well known and even explicitly stated so I'm not sure where the humor is. This is why there are so many recommendations to actually enable security, since wireless by itself has no security at all.

Edit: BTW: WAP and WEP or WPA are not mutually exclusive. In fact unless a peer-peer ad-hoc network is used between two wireless clients, communication is done with a WAP, and should use some form of security with that WAP, such as WEP, WPA, or WPA2.

In other words, the majority of wireless clients will connect with some type of wireless access point (WAP), and may optionally use security such as WEP, WPA, or WPA2 to protect its communications with that WAP.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Missed it again. Are you an engineer, by chance?


Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to Juggernaut


said by Juggernaut:

Missed it again. Are you an engineer, by chance?

By its definition, a WAP is already "wide-open" unless some additional features are leveraged.

Earlier, it was noted "I hope that's not the original weak WAP". WPA2 is done with a WAP. In that case a WAP is not "weak". WAP is not a protocol. It is the other end of a wireless connection.

This is like saying fruit is not orange in color. . .Why is that funny?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Ok. Let me try and explain.

WEP is crackable in seconds. Most people know that.
Crackable in seconds ==> Wide-open

Thus using the original error (of WAP = WEP) by antdude above.

WAP = Wide-open Access Point

Get it?

. o O (Got a live one here)
--
Don't feed trolls--it only makes them grow!



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to norwegian

Inside, because it's least expected and harder to control. Throw 500 free USB sticks into a lobby, guaranteed one person will stick into a laptop or work pc in the building.......... or at home.....


Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to StuartMW


said by StuartMW:

WEP is crackable in seconds. Most people know that.
Crackable in seconds ==> Wide-open

I don't think I disputed that, and in fact stated WEP is known to be very weak. Regardless it has nothing to do with a WAP.

Thus using the original error (of WAP = WEP) by antdude above.

Ah, so you are assuming that when antdude stated 'WAP' that he actually meant 'WEP'? I don't see why you would assume that.

WEP/WPA/WPA2 are security protocols. WAP is a physical object that provides wireless network connectivity. Completely unrelated.

Get it?

WAP = Wireless Access Point, which is by definition wide open already. I still don't get why you think that is humorous, other than that you may have misread/misinterpreted a previous post.

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to norwegian


said by norwegian:

Which is the easiest to attack a router, the inside or the outside?

This thread seems to have strayed from the original question (above) and before this thread gets locked:

The answer depends on what is meant by 'attack a router'. Generally a consumer router/firewall is designed to protect a private network inside one's home. In a commercial space, the concept is the same (protect internal network) but is typically done with dedicated-purpose firewalls separate from routers.

In a consumer space, an "internal" attack on a router may be easier, if only because router administration is often completely blocked/filtered from external interfaces. In commercial space, this is also true for many internal networks. If router administration is enabled on the external interface, then there is little difference between an internal or external attack on the router itself.

With respect to ease of gaining access to a network, if you already have access to the internal network then there is no attack involved. Once there, you have direct access to the hosts on that network which you would not have from an external attack. Most attacks focus on gaining access to the internal network, which typically involves compromising the firewall (or router/firewall) (but not always). Botnet trojans can provide network access independent of access to any consumer router/firewall largely due to the unrestricted outbound access that is typical in those installations. When dealing with network access as a whole, this is only as strong as the weakest device regardless of whether it is a host or a router/firewall (in consumer space).


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Internal is always the weakest link. A download, or a bad link will lead to disaster.

Modern routers are far harder to breach, if set up reasonably well.
--
Better to have it and not need it, then need it and not have it.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Juggernaut:

Modern routers are far harder to breach, if set up reasonably well.

I have my router configured so it is only accessible, from the LAN side, by serial (direct connection), HTTPS and SSH. The last two require a certain certificate in addition to the usual password. Is it possible for it to be hacked? Sure but unlikely.
--
Don't feed trolls--it only makes them grow!

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS

1 recommendation

reply to Juggernaut

said by Juggernaut:

Internal is always the weakest link. A download, or a bad link will lead to disaster.

That is the difference between attacking/breaching a network and attacking/breaching a router (firewall).

Gain access to a host via malicious download (active or passive) and you have easy access to the network. This would not gain access to the router necessarily. A firewall (consumer router/firewall) would only be less secure on its internal side over its external side due to the fact that its management may be blocked entirely from the external side. If additional care is taken such as that used by corporations and individuals as noted by StuartMW then even gaining just internal network access may have no advantage in exploiting the router/firewall over an external attack.

If the question is over gaining access to the network then yes, as I noted the network is only as strong as its weakest device. The router/firewall is rarely the weakest point and is as a result not the common point of attack. It is more often easier to gain access to a network by using an exploit on another host, bypassing the router/firewall entirely.

This is one reason (among several) that commercial firewall implementations typically restrict traffic in both directions. In the event access to a given internal host is obtained, this in turn may not be used easily as a bypass around inbound firewall restrictions. These protections are no guarantee, but are just one control among many.

To the original question: A given firewall (consumer router/firewall) is less secure internally only due to the fact that it may have unrestricted management access on its internal network. There is nothing in particular beyond that to make the internal interface(s) any less "secure" than the external interface(s).

The internal network itself, however, is typically easier to attack than the router/firewall in most consumer installations. Penetrating the router and penetrating the network are two different cases.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Shady Bimmer:

The internal network itself, however, is typically easier to attack than the router/firewall in most consumer installations. Penetrating the router and penetrating the network are two different cases.

True. Which is why I only have specific folders shared between machines on my LAN and those folders are only used when transferring files. Thus if a particular machine is compromised the attacker can't (easily) get to files on other machines. NetBIOS (over TCP/IP) is also disabled (it is easily exploited).
--
Don't feed trolls--it only makes them grow!