SOHO routers are all plagued with security holes

[qubit]

Looks like every single model of home router that we all use has bags of security holes in it, according to security experts. Not great news is it?

Years ago, I used to connect to ADSL via an Alcatel USB modem plugged into a PC working as an IPCop firewall, which was very secure. However, that modem only supported 8Mb/s so can't be used today without a serious performance loss, so I'm now using a bog standard router too. I used to set it to pass-through mode and have IPCop firewall the internet, but I haven't bothered with this in ages as it tended to be problematic with this model.

Unfortunately, one can't get plain vanilla ADSL modems nowadays with just an ethernet port and no other functionality to repeat this setup with modern components. What a shame.

Home and small business router security is terrible. Exploits emerge with depressing regularity, exposing millions of users to criminal activities.

Many of the holes are so simple as to be embarrassing. Hard-coded credentials are so common in small home and office routers, comparatively to other tech kit, that only those with tin-foil hats bother to suggest the flaws are deliberate.

Read all about it at The Register (warning long attention span needed).

 

[Disparia]

On my to-buy list is a new router. My current one hasn't been supported in about a year so beyond the bugs I know aren't getting fixed there are probably a bunch of unpatched sploits I don't know about.

remixedcat talks about her Meraki Z1 and I'm thinking of going that route.

 

[newtekie1]

This is one of the reasons I always buy routers that support 3rd party firmware(Tomato or DD-WRT, I prefer Tomato). They get firmware updates for basically ever, and if bugs are found they are fixed. Unlike normal router firmware that might get one or two updated and then nothing.

 

[Kursah]

This is one of the reasons I always buy routers that support 3rd party firmware(Tomato or DD-WRT, I prefer Tomato). They get firmware updates for basically ever, and if bugs are found they are fixed. Unlike normal router firmware that might get one or two updated and then nothing.

+1, that's for damn sure!

There are many things home users can do, but with all the cheap routers out there, anyone that chooses them without spending the time to research is likely screwed on the total security front. Odds are they're also not worth targeting too...mostly. Doesn't mean they won't ever be, I was a target when I had my cheap Belkin router...POS. I replaced that with an Asus AC66R, slapped Merlin on it, and all of my issues were solved.

I also use DNS Filtering through OpenDNS Home, with a free account. This really does amazing things on a front many often overlook. You don't NEED to register for the free service as you can just use their DNS servers, but if you do sign up, you can actually have control over filtering...so in essences it's another type of firewall to the web. Your PC, your Router, some Modems/Bridges from ISP's, and your DNS should all be filtered IMHO.

Anyone that reads this should do themselves a favor and take a look at their DNS service, if using ISP, I'd recommend trying something new unless you feel you can really trust their service (don't trust Charter's, at least for the West Rocky Mountain, West Coast regions...), even using Google's. I setup Google's DNS as a secondary, and am relying on OpenDNS filtering. It's made filtering what my kids see that much easier between limited Windows accounts, MAC filter rule restrictions filtering some sites they aren't privy to, and letting OpenDNS and Malwarebytes Premium filter the rest...works amazingly well and provides multiple layers of filtering.

https://www.opendns.com/

http://arstechnica.com/security/201...e-sites-by-understanding-sneaky-domain-names/


Most users won't waste time here, and odds are their data's been perused or partially seen and judged as useless, just depends. I've heard good things about IPCop, I've used PFSense with good results. I am pretty close to obtaining an old SonicWall TZ105 that I look very much forward to playing with!!! Keeping my fingers crossed on that deal!

There's so many angles to look at security, a firewall on a router is only one part of the puzzle...but it's pretty damn important.

 

[remixedcat]

On my to-buy list is a new router. My current one hasn't been supported in about a year so beyond the bugs I know aren't getting fixed there are probably a bunch of unpatched sploits I don't know about.

remixedcat talks about her Meraki Z1 and I'm thinking of going that route.

Yesss!!! get ittt!!! XD ha ha Cisco Meraki makes updates constantly and they even increased firewall throughput as well twice! Support is fast too. And Ive' only needed it for little nag type issues nothing major unlike most other brands!

I gave up on amped becuase they neglect firmware and even people that liked them like me.
I gave them a ton of feedback and was nice enough to give them extra time to fix issues before my reviews published and tried to reason with them, they flat out ignore me and that pisses me off. Us reviewers make or break these companies and we are the ones that help them and basically provide a 6 figure service for free, when they treat us like crap then that just makes them crap.