Hm, nope, I think with consumer routers you plug 'em in, and then you look at the manual in the box and then access the Wifi point with the default password. Then login to the router with the default credentials and then change the WIfi password, because, otherwise idiot.
But you leave the router credentials as they are because you assume they can only be accessed by someone with a) your Wifi password that you have just changed or b) ethernet access to the router which is deterred by physical means such as door locks/windows. Not Fort Knox here, but then again, no gold either. Unless it's a "cloud router" you assume that the router controls cannot be accessed with the default login directly from the internet, only from the onsite connected ethernet cable or Wifi.
So is that assumption above .. a correct assumption? Or dangerous?
How do you secure your (wireless) router?
-
gcmartin
A little too wordy for this thread's needs. Moved to new thread, here
Last edited by gcmartin on Fri 26 Dec 2014, 23:02, edited 1 time in total.
I wish I could say that or even some people who live around me.I have not seen any accesses from any wireless user outside of my home premise....ever. I live is a area with many homes and lots of walkers, young and old and constant traffic in and out of the neighborhood.
I can access and use up to 3 different wireless routers, owned by other people living in homes around my house, simply because they do not have them password access protected.
I can see the wireless routers and access them with no problem.
But I do not.
They can see my router too, but they do not have my connection access password.
People who think nothing can happen make it so easy for things to happen.
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
OK cool, so I think now I've secured myself sufficiently prudently. Wifi password enabled. Admin password changed. No WEP. Seems like that's the basics; I'm not overly worried about the NSA or North Korea:)
Let's talk about a hypothetical situation where a snooping user has cracked the wifi password (assume they guessed it manually or in some more sophisticated way; doesn't matter.)
Can that user potentially view internet traffic from other connected devices? Let's assume for simplicity one of those is a Windows device, ie probably least secure of current OSs. Can they upload or download files from those devices? Could they upload firmware to the router to do ... anything else nefarious that I can't even think of?
Note I am NOT looking for instructions or wish to do any of those bad things myself. I'm purely concerned about the other side, the personal data security aspect. And as you can tell, it's realistically 99.999% likely to remain hypothetical in any case
Let's talk about a hypothetical situation where a snooping user has cracked the wifi password (assume they guessed it manually or in some more sophisticated way; doesn't matter.)
Can that user potentially view internet traffic from other connected devices? Let's assume for simplicity one of those is a Windows device, ie probably least secure of current OSs. Can they upload or download files from those devices? Could they upload firmware to the router to do ... anything else nefarious that I can't even think of?
Note I am NOT looking for instructions or wish to do any of those bad things myself. I'm purely concerned about the other side, the personal data security aspect. And as you can tell, it's realistically 99.999% likely to remain hypothetical in any case
Now you can consider the actual protection built into the router and the modem you are using.
You get what you pay for
Some have there own firewalls, internal settings, access control, etc...
Some are just very basic connection devices, that offer nothing extra.
I had one I could never get "shields up" test to pass 100%.
Shields up is a good test of how you are connected to the Internet.
https://www.grc.com/x/ne.dll?bh0bkyd2
Just click proceed to get to the actual test.
On the test page there are buttons to run tests on different functions.
Common ports test is the one you want to see 100% "TruStealth" rating.
You get what you pay for
Some have there own firewalls, internal settings, access control, etc...
Some are just very basic connection devices, that offer nothing extra.
I had one I could never get "shields up" test to pass 100%.
Shields up is a good test of how you are connected to the Internet.
https://www.grc.com/x/ne.dll?bh0bkyd2
Just click proceed to get to the actual test.
On the test page there are buttons to run tests on different functions.
Common ports test is the one you want to see 100% "TruStealth" rating.
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
Using windows with a usb modem the best I got was closed... but that at least stopped the usual infiltrations up rpc and netBios ports. Their site actually gives you the info needed to close those ports and make other tcp/ip improvements... they helped too.
Without those fixes I can see why firewalls became the standard fashion on windows since otherwise infections take about 2 minutes... great fun...but to me better to fix the system flaws than hide behind the sofa....
Well me netgear does seem to be one of the better ones...nice and stealthed with full firewall controls. Actually very handy for blocking ad sites too.
mike
Without those fixes I can see why firewalls became the standard fashion on windows since otherwise infections take about 2 minutes... great fun...but to me better to fix the system flaws than hide behind the sofa....
Well me netgear does seem to be one of the better ones...nice and stealthed with full firewall controls. Actually very handy for blocking ad sites too.
mike
Mine is fully stealthed and I'm using Windows.
Mind you I am sat behind two router firewalls and Private Firewall - which is only there to stop cross machine traffic when I forget to connect test machines to the guest network or by ethernet.
Two routers because I'm with Sky in the UK and the router that offer doesn't have decent wireless or protection so I Gb wire to my Netgear router and use that as an access point.
Mind you I am sat behind two router firewalls and Private Firewall - which is only there to stop cross machine traffic when I forget to connect test machines to the guest network or by ethernet.
Two routers because I'm with Sky in the UK and the router that offer doesn't have decent wireless or protection so I Gb wire to my Netgear router and use that as an access point.
"Just think of it as leaving early to avoid the rush" - T Pratchett
-
gcmartin
A little too wordy for this thread's needs. Moved to new thread, here
Last edited by gcmartin on Fri 26 Dec 2014, 23:01, edited 3 times in total.
So you are providing free WIFI to anyone around your location that can pick up your WIFI signal.
I can access and use up to 3 different wireless routers, owned by other people living in homes around my house, simply because they do not have them password access protected. I get a usable strength signal from all of them.
Seems you would be one of them.
I can access and use up to 3 different wireless routers, owned by other people living in homes around my house, simply because they do not have them password access protected. I get a usable strength signal from all of them.
Seems you would be one of them.
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
you have my deepest sympathies..I'm with Sky in the UK
Actually the fun begins when you want to leave them...fortunately I have never had the pleasure but have known others that did.
I must be one of the twenty people in the country using the post office but their free netgear router is nice. Its firewall saves having to do those windows mods.
Some of the neighbours did have unsecured wireless but they all seemed to have got wise over the years.
Security...well I have opened ports for various services at times....though I closed them after use ...chat, game servers VNC, and OMG ssl. How much of a target they are its hard to say ...would such ports be included in scans... does changing the port to non standard help?
Its less relevant since dyndns stopped being free as I have hardly used them since. No ip works but its not exactly automatic. Just would be nice to have some remote control arrangement.
Perhaps its like browser targets...windows' holes are so well known, simple and common why bother looking elsewhere. If they found say a VNC port then there is a password to crack.
mike