Re: Network security, passwords and keys

[Micky]

All this time I've been thinking that if WEP or WPA-PSK enabled and a
proper key, I have adequate router security.

But in a moment of possible enlightenment, it occurred to me that if
an interloper can log into my router, he can change the key so that
iiuc I won't be able to use the net. That's bad, right?

And if I haven't set a router password, he can set one, and then I
would have run around in circles for an hour not understanding why I
couldn't call up my router page. (Even now it will take me a half
hour to figure out I have to push the reset button on the router,
right? And then I have to get my two wireless things connected
again. More wasted time.)

So do you all have a password for logging into your router?

With a new router, the router password has to be set first, I think,
or an aggressive interloper will change the encryption key. Does
this happen?

Thanks

[rickman]

I'm pretty sure the access to the user page in the router is only
available on the LAN side unless you turn on access from the WAN side. No?

--

Rick

[Micky]

Something I was reading also suggested this, but I checked before
posting and I can get there and change a setting from my laptop. I
don't see a place to turn it on or off, and I surely didn't turn it
on, but otoh, the router is about 8 years old (although it says the
firmware is almost 11 years old**.) Maybe D-Link hadn't thought of
this yet.

**Could a router come with firmware 3 years old? Maybe I bought the
router used and don't remember. I don't remember where I bought it at
all, new or used.

[Paul]

Sadly, no.

I ran into an individual, who was working with a brand new router,
and that one had access from the WAN side.

It turned out, the hardware company that made the router, were using
the *sample* firmware from the chipset maker. And the hardware company
had not added one ounce of extra code to the thing, tightened up the
configuration, or a damn thing. It was like a piece of crap they
had just got working on their lab bench.

The end result, is there are some hilariously in-secure products
out there. Just waiting for 12 year old script kiddies to find.

I don't think you will find name-brand equipment that badly
configured, but there can still be problems with the name-brand
stuff. One problem, for example, was related to the fact that
a large number of products were using a third-party firmware,
so the manufacturer didn't have to write/edit each design,
and they were using that firmware as their product firmware.
And once an exploit is uncovered for a "common" firmware
like that, it means a whole bunch of different brands/models can
be tipped over at the same time. The ideal situation would
be if all the firmwares were unique, with a unique bug in each
one, so only one model number would tip over at a time :-)

Paul

[rickman]

Oh, so you have no security on your wifi? That's on the LAN side.
Maybe I missed the significance of your initial statement. Are you
talking about insecure wifi? Why not use the highest security on the
wifi you can? You are talking about not having access for an hour or
two it would take you to figure out the problem and fix it. If you use
a high security protocol they will just go away and break into someone
else's router.

--

Rick