home routers contain critical security vulnerabilities

[Rx_]

Are home routers a real problem or our community of users?
I know enough about networking to get things to what I think is secure. It is a byproduct of the programming and DBA lifestyle.
If you VPN from work and leak data, are you liable? Thought it interesting that ALL routers tested had security issues.

http://www.computerworld.com/s/arti...bilities?source=CTWNLE_nlt_dailyam_2013-04-18

Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, according to new research.

Independent Security Evaluators (ISE), a security consultancy based in Baltimore, found that all of the routers they tested could be taken over if the hacker had access credentials. The tested products came from Linksys, Belkin, Netgear, Verizon and D-Link.

"Successful mitigation often requires a level of sophistication and skill beyond that of the average user," ISE said.

 

[rodmc]

which is why I always have a software firewall on all my nodes, can make things a bit tricky at times but it does give a little extra security

 

[Vassago]

"...if the hacker had access credentials..."

Ummm... no kidding??? You mean if I have credentials to something I can control it???

I think one of the bigger problems here is people who don't change the credentials on routers they purchase.

 

[Rx_]

I was thinking the same thing. To be clear, is the password that is usually <blank> for the Admin? Or, are there other precautions that should be considered? e.g. Assign IP by specific numbers rather than dynamic.

Then on the router's wireless side, heard there was monitoring equipment that can monitor the wireless login. The older encryption they claimed could be discovered in two to four wireless logins. The newer ones were only around a dozen times.

These articles don't always reflect all of the reality of a router. My fear is that networking is not my major area of knowledge. The idea that a consumer product might leave holes in the security wouldn't surprise me.

I went to the Network over PowerLine plug in for tcip. Each box has its own 64 bit encrypt and then request the ID of the other six units. They only carry 0.5 gb bandwidth between units over the electrical power line. Other than the expense, have been very happy with the results.
Everyting is by wire (electrical powerline) with each PC using a Static IP mapped to the router. If a PC needs moved, just unplug the network powerline and plug it into the wall where needed.

But it is the router that always bothers me. The instructions are never that great.

 

[kevlray]

Two things I have done on my wireless router. One is change the Admin password (it was password), second 'hide' the broadcasting, thus someone would have to have the name of the wireless account plus the credentials.