Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
   Compare ISP   Rate your ISP
Please login or register.

Login with username, password and session length
Advanced search  


Author Topic: Modem/Router Security Advice  (Read 2112 times)


  • Kitizen
  • ****
  • Posts: 4746
  • Retd sw dev; A&A; 3 ◊ 7km ADSL2; IPv6; Firebrick
Modem/Router Security Advice
« on: October 12, 2016, 04:10:52 PM »

[off-topic] Appeal regarding security. By the way, users who are setting up modems, or reconfiguring modem-routers to be straight modems, for example by following Kitzís helpful guide to the ZyXel, need to be really careful that they've secured the modem by setting an admin password on it to protect the web admin UI, telnet and anything else such as SSH from rogue users or malware if access to the modem is exposed on the LAN. If you can get to the modemís admin interfaces from the main LAN either by going through your router or going round it, then you have a potential problem.

Don't forget to secure your router too of course.

Even if there are never any untrusted users on you LAN then there have been large numbers of cases where rogue software has attacked routers and reconfigured them or even rewritten their o/s, with horrendous results.

My three modems are not secured at all, but are completely isolated from the main LAN by the router and so are inaccessible. (They don't have IP addresses in the LAN range, don't need IP addresses at all to speak PPPoE anyway, and the router doesn't forward to them either.)

Just change the default passwords to strong ones, ideally change the admin username to a non-default one too. And make sure that you've secured access to telnet, SSH, and everything else similarly, not just the admin web-UI. What else have I forgotten? (SNMP?) Test it by trying to access the various services from the LAN.

To be on the safe side, best to try accessing the modem and the routerís services and admin interfaces from the internet too, as there have been quite a few devices with a defective configuration. (Eg. some ZyXel and DLink models.)

[Perhaps an admin might consider putting this note in a more prominent place, if you think it's useful. A very short reminder/health warning with Kitzís good ZyXel article might be considered too.]

[Moderator note: This post has been split off from the original thread and given "sticky" status.]
« Last Edit: November 20, 2016, 05:44:54 PM by burakkucat »