Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Sep 29, 2018.
Get an IQrouter, thank me later. It'll do a lot more than keep you safe.
A router running OpenWrt with CAKE QoS and Atheros Wi-Fi adapters. There is nothing like that, nobody should bother with anything else.
Those who flashed DD-WRT on their router can sleep better?
My pfSense box project is 95% finished, more reason to hurry up.
It would be really helpful if the firmware updates that vendors provided were checked more thoroughly for bugs. More than once I've flashed a new firmware only to find that it breaks features of the router, and had to flash to an older version to make it fully functional. This has been across multiple brands popular with consumers.
Or a MikroTik hAP ac^2 router, which has it all and you never need to restart it, only when it updates, and it has a lot of updates which give improvements all the time, and it's tiny like a little watch box.
At this point, would the only way to be remotely secured be to go full manual with something like a pfSense box?...
looks like it. even so, hardware firmware could betray you.
very few processors are truly open and have their internal software blobs audited for backdoors.
paranoia never ever stops.
Actually, since it's referring to only a selected group of routers, it is "of the routers" and not "of routers." "Of routers" implies all routers in existence, while "of the routers" implies only the routers selected for this study.
Only way you can trust your security is to secure it yourself.
I would recommend OpenWrt over all of that, even if you have a dedicated box.
Honestly only your ISP knows... or maybe you if you can log into that thing.
In Belgium the ISPs have the tendency to occasionally push firmware updates if it's a big issue or needed for upgrades in their own network. But no idea how they operate in other countries.
Though for anyone tech savvy enough to figure out networking basics, I'd always advise people to get a "dumb modem" from the ISP and make sure you get to configure your own router with the external IP address from the ISP. In some cases a modem isn't needed, some DSL providers use PPPoE and will allow you to initiate the session from your own router and use their existing gateway/router as a dumb modem/switch.
For coax modems, Motorola usually designs a modem-only model as well.
In general if an ISP doesn't allow me to do this, my reaction is that they can go f' themselves. Though not everyone will have that luxury due to ISPs sometimes having a monopoly in certain areas.
Honestly best practice would be offering both options openly. In Belgium we have 1 coax ISP and we often have to nag endlessly to get a Motorola modem-only model. I think ISPs should just be flat out forced to offer both options without question.
A customer should be allowed to manage his own home internet properly. Obviously most normal users don't care, but the idea that I wouldn't be allowed to manage my own home network properly still baffles me.
My ISP requires that their supplied "modem/router" is used. There is no option for a simple "modem".....or, in my case, a simple "gateway" device. At least with the last place I lived, I could have wired my own router directly to the ONT if I didn't care to watch TV on occasion....or have a kid that likes to watch TV. I have found that my ISP almost never updates their supplied "modem/router".... The unit I turned in a couple weeks ago was still running the same firmware from 2 years ago. The unit I had before that was running 4+ year old firmware.
It was nice to see my router on that list of tested routers. Also got an e-mail from Netgear that there was a new firmware update released for my router today. Not happy that the list of "vulnerability free" routers was not published.... This is now the second update for my Netgear router in the last 2 months.
You mean the TV boxes need their own separate IP address from the ISP? That can often be done if you can configure separate VLANs, etc. on your own router.
The ONT I had at my old place only allowed 1 connection to be active (according to all data I could find on it). Either the COAX, which required a MoCA bridge (which is built into the supplied "modem/router"), or the ethernet port. The "modem/router" could be replaced by a pair of MoCA bridges (again, according to all data I could find), but then TV service would not function (also, according to all data I could find). The new "ONT" doesn't support ethernet at all.... It's COAX only. All of the equipment installed by my ISP, is supposedly "custom made" for my ISP so they can force additional (read: unnecessary) equipment on customers. They charge $18/month for a STB and $10/month for the "modem/router"....so, why not force additional equipment on customers? That's extra money they can collect. I'm sure if they could figure out a way, they'd charge a "rental fee" for the ONT as well....
and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).
if anyone needs help do this:
open file explorer (the folder icon on the taskbar)
click "network" on the left
in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
right click that > "view device webpage"
if it's Netgear, the user name is admin, and the password is password
you may see a flag to update firmware at the top of that main page, if not,
click "advanced" tab > click "administration" on the left > "router update"
again, you should see update firmware, but if not click "check"
let it take the time to update and reset your router (no internet for a minute while it resets)
as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there
other tips to maximize security:
- there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
- keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
- keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
- use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
Plenty of reason to worry there. Not all ISPs actually bother with firmware updates. Like I said above, the ISP provided "modem/router" that I returned last month was still running on the same firmware as when I received it 2 years ago. The "modem/router" that it replaced was running on 4+ year old firmware.
A wired connection directly to a broadband modem is NEVER a good idea. Consumer grade broadband modems lack security features necessary to protect a network, much less a PC. Meltdown and Spectre are NOT chipset vulnerabilities. They're CPU vulnerabilities. Intel would have to develop an entirely new CPU architecture to address the vulnerabilities correctly.
Has Lenovo finally removed all of the spyware from their software?