And that's not something you want with a router. With product lifecycles becoming shorter and shorter across the industry, you might end up buying a product released two years ago that will reach end-of-support in one year or in several months. It's also important to determine, if possible, how long a device will continue to receive firmware updates after you buy it. Look at the disclosure timelines in those reports to see how fast the companies developed and released patches after being notified of a vulnerability. Research the company’s security track record: How did it handle vulnerabilities being discovered in its products in the past? How quickly did it release patches? Does it have a dedicated contact for handling security reports? Does it have a vulnerability disclosure policy or does it run a bug bounty program? Use Google to search for terms like “ router vulnerability” or “ router exploit” and read past reports from security researchers about how they interacted with those companies. However, once you get your list down to a few candidates, it's important to choose a device from a manufacturer that takes security seriously. The market for home and small office routers is very diverse so choosing the right router will depend on budget, the space that needs to be covered by its wireless signal, the type of internet connection you have, and other desired features like USB ports for attached storage, etc. Also, ask if your ISP's device is remotely managed and if you can opt out and disable that service. Bridge mode disables routing functionality in favor of your own device. If your internet provider doesn't allow you to bring your own device onto its network, at least ask if their device can be configured in bridge mode and if you can install your own router behind it. Read more: The Motherboard Guide to Not Getting Hacked ![]() There are also more subtle device lock-ins where ISPs allow users to install their own devices, but certain services like VoIP will not work without an ISP-supplied device. In the US, regulations by the Federal Communications Commission (FCC) are supposed to prevent this, but it can still happen. ![]() ![]() Whether users can be forced to use a particular modem or router by their ISP varies from country to country. Furthermore, users cannot disable remote access because they're often not given full administrative control over such devices. Some ISPs force users to use gateway devices they supply because they come pre-configured for remote assistance and there have been many cases when those remote management features have been poorly implemented, leaving devices open to hacking. This means that security issues can take a very long time to fix and in some cases, they never get patched. Those devices are typically manufactured in bulk by companies in China and elsewhere and they come with customized firmware that the ISPs might not fully control. If you prefer getting a cheaper router or modem that you can tweak to your needs, avoid getting one from your ISP. If you don’t want to get one of those, or already have a router, follow along for a detailed, step-by-step guide on how to secure it. Ultimately, their users need to trust the vendors to do the right thing. The downside is that those routers are expensive, some require annual subscriptions for certain services, and their level of customization is very limited. For less technical users, it might simply be easier to buy a security-focused router with automatic updates such as the Eero, Google OnHub, Norton Core, Bitdefender Box, or F-Secure Sense. Many of those actions are quite basic, but others require a bit of technical knowledge and some understanding of networking concepts. That said, there are certain actions that users can take to considerably decrease the likelihood of their routers falling victim to automated attacks. Unfortunately, most routers are black boxes and users have little control over their software and configurations, especially when it comes to devices supplied by internet service providers to their customers. ![]() And compared to your laptop or phone, your router doesn't have an antivirus program or other security software to protect it. Because it's exposed directly to the outside world, your router is frequently targeted by automated scans, probes and exploits, even if you don't see those attacks.
0 Comments
Leave a Reply. |