Router Security Router Resources Website by     
Michael Horowitz 
Home | Site Index | Router Bugs | Security Checklist | Tests | Resources | Stats | About | Search |
I will be speaking about Router Security at the O'Reilly Security Conference in New York City at the midtown Hilton Hotel (Sixth Ave and 53rd Street). The conference runs from Oct. 30 to Nov. 1, 2017. I am slated for Nov 1st at 3:50pm in the Sutton South room on the second floor.

Table of Contents
Security AdvisoriesEmulators
More stuff from meSelf Updating Routers
Consumer Router Alternatives  Third Party Firmware
TOR and VPN Client RoutersVPN Client Routers
TOR RoutersJust Released Routers
Coming soon. Maybe.Default Router Passwords
Other Router Security AdviceAdding a router to a gateway
Addon Security DevicesAssorted Resources

Security Advisories from router vendors

Emulators - kick the tires on a routers web interface  top

More stuff from me  top

Self-updating Routers   top

Since many router owners do not update the firmware, a router that self-updates is, almost always, a good thing. Not that it doesn't leave other problems, but one less is one less. This list is, no doubt, incomplete. And, the view that self-updating is always good is overly simplistic. The Security Checklist page has the details on what to look for. The Routers with Self Updating Firmware page has details on how some vendors compare to this checklist.

Consumer Router Alternatives   top

Third Party Firmware   top

TOR and VPN Client Routers   top

VPN Client Routers   top

When most consumers encounter a VPN router, they are dealing with a router that can function as a VPN server. Much more interesting, to me, are the very few routers that can function as VPN clients. That is, the software necessary to connect to a VPN server, is built into the firmware. Very few routers, running the software they shipped with, can function as a VPN client. However, alternate firmware, such as DD-WRT and Tomato, do include VPN client software. Complicating things, however, are the multiple types of VPN. The most popular seem to be OpenVPN, L2TP/IPsec and PPTP with PPTP being the worst option as it is the least secure. HowToGeek wrote about this in July 2015.

TOR Routers   top

A word of warning about running Tor on a router from Matt Casperson: "Tor is only as secure as those applications whose data it is transferring, and one of the benefits of the Tor bundle is a browser that has disabled a number of plugins that are known to leak identifiable information."

Just Released Routers   top

Hot off the router presses.

Coming soon. Maybe.   top

A number of security devices are planned. Some are routers, others sit between your router and modem and yet others can plug into a router. These upcoming security devices are getting some press attention. See These Devices Are Trying To Secure The Internet of (Hackable) Things by Lorenzo Franceschi-Biccheirai (Jan. 8, 2016 at Motherboard). This list is in no particular sequence.

Default Router Passwords   top

Other Router Security Advice   top

The configuration suggestions offered on this site are far more comprehensive than you will find in any one article. That said, here are some other articles on router security.

Adding a router to a gateway   top

Add-on Security Devices   top

Many devices are sold that claim to add security to an existing network. This section was added Sept. 26, 2017 and is incomplete, to say the least.

Perhaps the first such device was the Bitdender box, a home network security appliance. David Strom reviewed it in June 2015: Bitdefender Box Review: Pandora Had Fewer Problems. At the time it cost $199 to purchase and $99/year to own. In August 2017, it was reviewed by Doug Reid at The box has two 100Mbps Ethernet ports and 2.4GHz Wi-Fi and includes a Bitdefender software subscription. However, it only inspects outbound traffic and is hard to install. It needs to be the DHCP server for the LAN and it sets itself as the default gateway, even when working with an existing router. Outbound connections are checked by the Bitdefender cloud. If a URL is considered malicious, it is blocked and a message appears in the mobile app. The thing also scans the LAN for devices with security flaws. The box does not detect DoS attacks either incoming or outgoing. At the time, it sold for $130.

Like Dojo, the Cujo also sits between your router and modem (logically or physically) and offers security protection (but no privacy protection). It is billed as a smart firewall. The original plan was for it to offer firewall, anti-malware, antivirus, deep-packet inspection and machine learning protection. Only some of these features were in the first release. Steve Gibson pointed out in July 2016 that it can run in either Gateway mode or Bridge mode. The new mode lets it plug into a LAN port of your router. So, how does it then intercept LAN traffic? It does an ARP spoofing attack on your LAN. Quoting the company "We send packet header data (but not full packets) to our cloud to analyze device behavior, compare your traffic to commercial threat intelligence feeds, and to make sure that unauthorized IP's do not connect to your network." And, this: "CUJO analyzes your local network traffic data locally and in real time. It then sends statistics on that data to the cloud for further analysis ... we don't send the contents of those packets to the cloud. If a threat or suspicious activity is detected, CUJO will tell the cloud what it has blocked so you can receive a notification on your mobile app to confirm it." The pre-order price was $99 and the first models were expected to ship in March 2016. As of April 19, 2016, the expected ship date was end of May 2016. The devices actually shipped in July 2016 for $99 with 6 months of service included. Afterwards, service is $9/month. SmallNetBuilder first reviewed it in Sept 2016, then again June 2017. See CUJO Smart Internet Firewall - Second Look by Doug Reid. In the cloud CUJO keeps tracks of bad IP address. It is also aware of normal device behavior.

Assorted Resources   top

This page was last updated: October 17, 2017 2PM CT     
Created: March 29, 2015
Viewed 38,598 times since March 29, 2015
(41/day over 939 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Copyright 2015 - 2017