Business class routers and security
#44824 06/02/17 04:10 PM
Joined: Sep 2009
deniro Offline OP
I have Avast installed on the Windows machines on my network, and ever since it has told me that my router has been compromised, has flaws, can be broken into easily, and so on.

It never has, as far as I know, but I still get these false positives. That's a real problem, because if a real problem ever occurs, how will I know? I'll assume it's another false positive by the antivirus program that cried wolf. I don't have the time or desire to research every time Avast rings the bell to make me salivate. I like the program, but it's tempting to ditch it for this reason.

I want to make sure, one, that my router is secure and, two, that I bought a router that can be secure.

Google gave me some web sites to help check the security of my router. I also found an article in which someone insists we should use business class routers ($200 and up) rather than the consumer ones sold in big box stores. Would anyone like to comment on this? I don't know what to think, in part because this is the first time I've seen it recommended, and he seems to be the only one making the recommendation. Also, the companies that make consumer class routers, like Netgear and Linksys, make higher security routers for business. But he recommends the Pepwave Surf SOHO. Why them? Is he connected to them?

http://www.tomsguide.com/us/home-router-security,news-19245.html

"If a router is sold at [an electronics chain], you don't want to buy it," independent computer consultant Michael Horowitz said in a presentation. "If your router is given to you by your internet service provider [ISP], you don't want to use it either, because they give away millions of them, and that makes them a prime target both for spy agencies and bad guys."

Horowitz recommended that security-conscious consumers instead upgrade to commercial routers intended for small businesses, or at least separate their modems and routers into two separate devices. (Many "gateway" units, often supplied by ISPs, act as both.)

Re: Business class routers and security
deniro #44825 06/02/17 04:16 PM
Joined: Aug 2009
Likes: 15
Quote:
If your router is given to you by your internet service provider [ISP], you don't want to use it either, because they give away millions of them, and that makes them a prime target both for spy agencies and bad guys.

I'm not sure what to make of that.

Verizon recently gave me a new Fios router, and its pre-set password is an extremely strong 16 characters, while the networks it sets up are protected by an even stronger 18-character password.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Business class routers and security
artie505 #44831 06/02/17 05:20 PM
Joined: Aug 2009
Likes: 16
Moderator
Passwords and password length are only part of the issue. What type of password encryption is used? Some encryption schemes require the use of fixed length hexadecimal passwords (probably what your FiOS router is using), others accept passwords or phrases of almost any length. Some encryption schemes are easier to break than others.
  • What other security features are offered?
  • How "strong" are those protections?
  • When "exploits" are discovered
    • are there provisions for upgrading/updating the router firmware or do you have to buy a new router?
    • What is the vendor's record on responding to new vulnerabilities?
    • How are updates promulgated and controlled?
  • Of the features provided in business class routers, how many will you use, be willing to pay for, even understand what they are?
  • What is the level of training/expertise/experience required for setting up the router?
  • How deep is your pocketbook?
  • etc
ISP provided routers tend to skimp on many of these items to save money and to simplify installation for the techno-averse users, so they are arguably softer targets.

It is a well accepted axiom that anything that can be created by the human mind can be defeated by the human mind and there is no such thing as absolute security. Like everything else in our technological world security is a collection of trade-offs. If I turn on all the security features I have available I could be a lot more secure but the trade off would be the inability to access a large number of websites and internet commerce would be virtually impossible. The point is you have to balance...
  • Security
  • Reliability
  • Functionality
  • Usability
  • Speed
  • Risk
  • Capability
  • Cost
  • and availability
and remember there is no free lunch. You are going to have to give up something to get anything. Personally I do not like ISP routers, they typically put all the control in the hands of the ISP and take it away from me. I use an ISP provided modem connected to an upper end personal level Netgear router I found at Costco for nearly $100 off MSRP. (FWIW there have been two security updates since I installed it and they were easy-peazy.) I lack the patience, knowledge, money, and need for a full featured "business router" and in fact there are security features on this router I choose not to use simply because they would require so much time to set up and administer.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Business class routers and security
joemikeb #44868 06/03/17 08:08 PM
Joined: Sep 2009
deniro Offline OP
Well, this fix worked quickly. The Avast warnings disappeared after I unchecked the box "Turn UPnP on".

Re: Business class routers and security
deniro #44897 06/05/17 05:32 AM
Joined: Aug 2009
Likes: 1
Yes, business class routers do tend to be more secure. Regular consumer-grade routers are a nightmare of Biblical proportions; these so-called SOHO (small office/home office) routers like the ones you buy for $60 at Best Buy are so utterly insecure they're often referred to in the infosec community as "SOHOpeless."

The Register actually collects security articles about hopelessly insecure routers, like the ones here and here and here and here and here and...oh, you get the idea.

Consumer grade routers are often made in a hurry, with poor coding and little thought to security, and unfortunately, routers provided by ISPs are rarely better.

The problem isn't that the password they use isn't secure. The problem is that they will often carelessly have hard-coded passwords that can never be changed left in by sloppy developers who put them there for testing and debugging and then never took them out, or will be running Web server software (yes, your router has a Web server built in; that's why you can connect directly to it) that has flaws that allow you to bypass the password; or will have bugs in the authentication library that allow you to do things like type passwords that are too long, crashing the routine that checks the password and just allowing you to log right on.


It's a mess, because router makers simply do not care about security. They care about two things: price and speed to market. Security costs time and money. That time and money is wasted, because let's be honest, if you see a router at Best Buy for $60 and another router with the same specs sitting right next to it for $70, you're going to buy the $60 router, aren't you?


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
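
The overlong-password failure mentioned in the post above, shown from the defensive side as an added example (not part of the original thread and not any vendor's firmware): a login check that bounds the input before copying it and returns failure on every path except an exact match. The names `check_password`, `ct_equal` and `MAX_PW` are hypothetical, and the stored password is plaintext only to keep the example short.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PW 64 /* assumed maximum admin password length (hypothetical) */

/* Compare two fixed-size buffers without an early exit, so response time
   does not reveal how many leading bytes matched. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical login check: returns 1 only on an exact match, 0 on every
   other path. `supplied` is len raw bytes from the login form. A plaintext
   `stored` value keeps the example short; a real device would compare
   salted password hashes instead. */
int check_password(const char *supplied, size_t len, const char *stored)
{
    unsigned char a[MAX_PW] = {0}, b[MAX_PW] = {0};

    if (supplied == NULL || stored == NULL)
        return 0;
    size_t stored_len = strlen(stored);
    /* The unsafe pattern copies the input into a fixed buffer with no
       length check. Here overlong or empty input is refused up front. */
    if (len == 0 || len >= MAX_PW || stored_len == 0 || stored_len >= MAX_PW)
        return 0;
    if (memchr(supplied, '\0', len) != NULL) /* embedded NUL: refuse */
        return 0;
    memcpy(a, supplied, len);
    memcpy(b, stored, stored_len);
    return ct_equal(a, b, MAX_PW);
}

int main(void)
{
    char big[4096]; /* constructed oversized input */
    memset(big, 'A', sizeof big);
    printf("correct:  %d\n", check_password("s3cret-admin", 12, "s3cret-admin"));
    printf("overlong: %d\n", check_password(big, sizeof big, "s3cret-admin"));
    return 0;
}
```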
Re: Business class routers and security
tacit #44907 06/05/17 03:53 PM
Joined: Aug 2009
Likes: 8
Is there a middle ground: better than consumer class but not full-blown business class? Is there such a thing as "low end" business class?

Enquiring minds want to know. smirk


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Business class routers and security
joemikeb #45048 06/09/17 07:53 AM
Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Passwords and password length are only part of the issue. What type of password encryption is used? Some encryption schemes require the use of fixed length hexadecimal passwords (probably what your FiOS router is using), others accept passwords or phrases of almost any length. Some encryption schemes are easier to break than others. (Reference point)

Thanks for the detailed response, and sorry for taking so long to respond, but I wanted to first get down on my hands and knees, find my router's password, and poke around a bit.

And having done so, I've seen nothing that looks like mucking around with it would improve my situation, nor did I see any settings that I can relate to your comments...probably as expected...nor am I going to upgrade from my Verizon router: I'm not ready to succumb to what would be little more than paranoia at this point.

Your imparted expertise is (as always) very much appreciated, though. smile


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Business class routers and security
Ira L #45050 06/09/17 01:58 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: Ira L
Is there a middle ground: better than consumer class but not full-blown business class? Is there such a thing as "low end" business class?

Enquiring minds want to know. smirk
I thought I had already replied to this, but perhaps I failed to hit Submit. The major vendors such as Cisco, Netgear, DLink, et al. all have high end, more secure products ranging in the $200 to $300 price range. In spite of the comment about "Big Box" retailers, I found a near top of the line Netgear at Costco for $180. Immediately on setting it up it demanded to install a security patch that closed the latest router security gap.

The point is they are there if you are willing to pay the price in cash and time not only to purchase, but to learn how to configure them.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
