
Netgear (In)Security and their Failed Remote Management


I’ve been having issues with some home networking equipment and decided that after a couple of years, I needed to make some updates. I did my research and ultimately settled on the Netgear R8000. Not just because it looks dead sexy or because it’s called the Nighthawk, but because it had really great reviews and I’ve generally been on board with Netgear’s product quality and technology.

That is, until today.



Time out, in the corner, by Ken Wilcox

One of my biggest complaints about today’s networking equipment is that it really wants to be the only router in your house. It wants to be the command center. So if you have a couple of pieces of networking equipment, they both want to be in charge. I get it, most people will only have one, so it works just fine. I’m not most people, and I have a feeling that my camp is growing.

Anyway, I install the device and put it in Access Point mode. Once I do this, the ability to remotely manage the device goes away. There is a software “feature” that will disable the remote management capability when you put it in AP mode. Leave it in router mode and you can remotely manage all day long. So if I want to adjust the settings, I can’t do it from the wire or via VPN connection. I have to physically be on the WiFi network it is serving.

Aside from the obvious security implications of remote management over the internet, a long discussion with Netgear support resulted in a firm “Uhh, no. We meant it that way.” Kind of like Jerry meant for the Death Star to be an east-west stadium. Here’s the quote from Netgear:

Thank you for patiently waiting. Here’s the update from the Engineering team. This is not a bug or design flaw. The behavior that you are seeing is correct. This is how our device was designed with a purpose not to allow different domains/VLAN to access the admin page. Engineering has advised us that we will not be changing this behavior. We will keep the current implementation.

So, you can’t have different domains or VLANs accessing the admin page, UNLESS those different VLANs or domains are coming from the Internet while the device is in router mode, not AP mode. Sooooo, scary Internet is good, but safe home network is bad?

For shame, Netgear.

This post originally appeared on BrandenWilliams.com.
