Indeed. Gateway security. Everything else is mostly theatrics. I love it when a 'security' conscious dude drops a $19 Netgear on his Gateway, then spends days, even weeks, and $$$ locking down individual desktops..
Most simple solution. But then DNS can be 'easily' hijacked by malware on individual systems. I actually like to disable DNSClient, and Asynchronous browser DNS, or you could use DNS Zones on AD, or use a DNS forwarded with validation. But for consumers? They are toast either way..
I haven't covered all of the articles as I'm now busy, but it seems most attack will be prevented by setting strong password for router and disabling javascript. Remember, there're still ways to attack your router w/out script and that is CSRF, tho many CSRF utilize script. There're many ways to prevent CSRF, Noscript's ABE, RequestPolicy, Policeman, CSFire, uMatrix, etc.. If you don't want to use those addons and still prefer using browser-accessible router GUI then use dedicated browser different from your everyday browsing to access your router config with private mode, and never go to other site when you're logging in.
Lots of ways to secure router. 1) Assign dedicated port on it's own subnet for admin, then adjust IPv4 settings on laptop to match, and plug that into router for admin. 2) Assign odd port to router admin, disable admin from WAN. 3) Enable MAC restricted, or IP restricted Admin Access. 4) Console Only admin. On some high security areas we work the UTM has a port, such as Port 4 on the UTM with it's own subnet, and admin is restricted to THAT port only on THAT local subnet. So in effect the UTM cannot be accessed unless you physically take a laptop, adjust it to match the subnet, and plug it directly into that specific port, and then enter the credentials. You can also get really crazy.. Having 'windows' where admin access is permitted, such as only from 4pm-5pm each day, any other time it's 100% DENY/ALL. Or you can use a combination of things for ultimate security.
hi but a firmware update or a reset should fix it ? or even a reset and reload a clean configuration?
I can't say I know enough about this to know if it is a persistent infection to accurately answer that. I doubt I would trust a reset. Hopefully someone that knows more about it can answer.
No, these attacks do not actually infect your router. They are CSRF and similar script-based attacks, not sth like common malware on your PC. You don't need to clean or disinfect router, but if you're affected then change router password to very strong one, and change your browsing habit e.g. do not go other website when you're logging in, periodically deleta cookies, also keep up-to-date in all your software on devices as well as router firmware etc. From a link in the link:
Keys words being "configuration requests". The scenario involves changes being made to the router, so it would require attention. Questions: What was changed and what do you have to do to fix it? If the exploit only changed user-visible settings, you could go in and change them back. However, what if less obvious changes were [also] made? There are too many different routers, firmware versions, and types of attacks to rule that out across the board. Especially if the scenario involves a router that can download updates on its own or involves a more sophisticated type of attack via cooperative local machine. Absent specifics that would justify a simpler approach, perhaps it would be wise to at least reset back to and/or reinstall known-good firmware and manually configure it again. On the other hand, if you did have reason to suspect that the firmware had been tampered with, you'd have to try to determine if there is a reliable way to verify the firmware and if necessary get back to a good build. If you can't establish that it is possible, the device must be written off for good.
That's valid! I completely forgot about it despite the article mentioned DNS setting change. And I know some router don't give all settings in GUI thus I have to connect via telnet. So at least router reset is strongly recommended. But as to firmware modification, at least mentioned attacks are not relevant and common criminals won't/can't do that for a time. That can only happen in some targeted attack.
