Router Security Avoid Consumer Routers Website by     
Michael Horowitz 
Home Site Index Bugs News Security Checklist Tests DNS Resources Stats Search Popular Pages
Also see my Defensive Computing Checklist website
 

I am not alone in pointing out the sad state of consumer router software/firmware.

Finally, consider what Craig Young of Tripwire said in April 2015 regarding consumer routers.

"Many of the vendors in this space have a difficult time justifying additional engineering time to fix security flaws ... our research did not reveal any strong correlation between the selling price of a router and its relative security ... paying more for a router does not mean the vendor will be any more responsive to vulnerability reports ... If you want to pay for a more secure experience, ideally you want to skip the SOHO market entirely and jump right into enterprise gear. Vendors selling real enterprise products generally have well resourced security teams to evaluate and respond to threats. In the enterprise space there is far more concern placed on having a reputation for good security since the risks are typically much higher for business users. Ironically with the increase of feature sets on home routers, the price difference between enterprise and SOHO is eroding."

October 24, 2015: The German government, concerned about poorly secured routers, is considering a security rating system for routers. Using a checklist somewhat analogous to mine, routers will be given points for features that increase security. See German Govt mulls security standards for SOHOpeless routers. Sadly, the article says that "Routers that advise users of an available firmware update on login to the web admin interface are winners". So, having a router company email their customers when there is new firmware is something we can't even hope for?



Top 
Page Created: June 4, 2015      
Last Updated: January 6, 2023 1AM CT
Viewed 49,182 times
(14/day over 3,410 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Changelog
Copyright 2015 - 2024