Pounce, posted May 24, 2018
32 minutes ago, Cyknight said: "due to the lack of PIM multicasting."
Do you know if this is only an issue when VLANs are involved?

C4 User, posted May 24, 2018
44 minutes ago, Pounce said: "If you are doing this, what are you using?"
I use SonicWall. I am sure there are other options out there.

CFUG, posted May 24, 2018
1 hour ago, C4 User said: "In addition to deep packet scanning, in today's world I recommend a security device that is able to scan encrypted traffic too, as the hacks are starting to use HTTPS sites...."
Yes. Again, a quality threat management appliance will stream-scan both HTTP and HTTPS.

Pounce, posted May 24, 2018
3 minutes ago, CFUG said: "Yes. Again, a quality threat management appliance will stream-scan both HTTP and HTTPS."
Yes and no. Very few will do SSL, and when you do it you REALLY have to trust it.

C4 User, posted May 24, 2018
12 minutes ago, Pounce said: "Yes and no. Very few will do SSL, and when you do it you REALLY have to trust it."
Yap!

CFUG, posted May 24, 2018
I'm aware.
lippavisual, posted May 24, 2018
For a home, I don't see the need for a separate security/firewall device. If you purchase a great router from the start, you'd have all those features built in on one device, plus the tools needed for any network inspection. Vote: Mikrotik

ecschnei, posted May 24, 2018
lippavisual said: "For a home, I don't see the need for a separate security/firewall device. If you purchase a great router from the start, you'd have all those features built in on one device, plus the tools needed for any network inspection. Vote: Mikrotik"
MikroTik is one of those named as vulnerable. I'm sure they will fix it...

lippavisual, posted May 24, 2018
4 minutes ago, ecschnei said: "MikroTik is one of those named as vulnerable. I'm sure they will fix it..."
The only reason it would be on the list is because someone thought they knew what they were doing and didn't properly protect the router. There is a "quick setup" option with them, but it does not fully lock down everything. That has to be done manually.

janthony6, posted May 24, 2018
USG Pro.

Pounce, posted May 24, 2018
2 hours ago, lippavisual said: "The only reason it would be on the list is because someone thought they knew what they were doing and didn't properly protect the router. There is a "quick setup" option with them, but it does not fully lock down everything. That has to be done manually."
For reference, in case anyone is running RouterOS and relying on its firewall: https://forum.mikrotik.com/viewtopic.php?t=132499

lippavisual, posted May 24, 2018
Thanks for that, Pounce.
Cyknight, posted May 24, 2018
5 hours ago, Pounce said: "Do you know if this is only an issue when VLANs are involved?"
I'm not going to claim ANY specifics or details beyond what I said. I already mentioned I've seen no issues personally, but that I've not used any mentionable number of UBQT gear to really have an opinion. I just wanted to point out the fact of the "blacklisting".

Pounce, posted May 24, 2018
No worries. I was just curious. I see from communications that Ubiquiti and C4 are discussing it. I just thought that the feature is probably only potentially needed when there are VLANs present. I'm not sure of the percentage of sites where VLANs are leveraged.

C4 User, posted May 26, 2018
Below is from a recent article published on Drudge Report regarding Russian hacking of home and small business networks. Many of the more common lower-end devices are listed as vulnerable.
"In obtaining the court order, the Justice Department said the hackers involved were in a group called Sofacy that answered to the Russian government. Sofacy, also known as APT28 and Fancy Bear, has been blamed for many of the most dramatic Russian hacks, including that of the Democratic National Committee during the 2016 U.S. presidential campaign. Earlier, Cisco Systems Inc said the hacking campaign targeted devices from Belkin International's Linksys, MikroTik, Netgear Inc, TP-Link and QNAP."

pinkoos (thread author), posted May 28, 2018
Thanks for the replies regarding new network gear. I was traveling, so I only now got a chance to check in. Looks like there are many options out there that I hadn't heard of and that I will need to look into. Thanks again.
88Tiger88, posted June 3, 2018
On 5/24/2018 at 7:43 AM, Cyknight said: "With the clear underscore that I have not seen any issues whatsoever to date myself (though I haven't used it much), please take note that Ubiquiti is in fact on Control4's do-not-use list due to the lack of PIM multicasting. In the same vein, note that any repeater use (mesh or otherwise) is also against C4 recommendation (this does NOT include mesh systems using all hardwired APs!!!). Google and Eero are also on the do-not-use list, though in general I wouldn't recommend ANY consumer-class router for Control4."
I assume PIM multicasting is for VLAN configuration. With just a flat configuration without different VLANs, is that still an issue without PIM multicasting support?

88Tiger88, posted June 3, 2018
On 5/24/2018 at 2:08 PM, Cyknight said: "I'm not going to claim ANY specifics or details beyond what I said. I already mentioned I've seen no issues personally, but that I've not used any mentionable number of UBQT gear to really have an opinion. I just wanted to point out the fact of the 'blacklisting'."
Looks like the issues are known within the C4 community: "but most routers you'd find in a residential setting where Control4 would be used are in the same boat there. Likely most such installs are all on the same network where the router's PIM support isn't relevant."
https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Made-Control4-s-Do-Not-Use-List-PIM-Support/td-p/2288539

Mike_S101, posted June 11, 2018
On 5/24/2018 at 4:17 PM, Pounce said: "Use a security appliance from a major company."
Could you please give some examples, Pounce? I would rather not reinvent the wheel when we have the experienced people on this forum.

Pounce, posted June 11, 2018
7 hours ago, Mike_S101 said: "Could you please give some examples, Pounce? I would rather not reinvent the wheel when we have the experienced people on this forum."
Ubiquiti USGs and SonicWall have been mentioned. Fortinet is another. It's not that these are immune to issues, but the larger companies are going to have fixes turned around faster.
thegreatheed, posted June 11, 2018
Wasn't the router malware issue limited to routers with default credentials and remote management turned on? That's the impression I got when I read about it. https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
In other words, "don't be stupid", twice.

Pounce, posted June 11, 2018
20 minutes ago, thegreatheed said: "Wasn't the router malware issue limited to routers with default credentials and remote management turned on?"
I am not sure if the actual vector is public. It is pretty consistent to recommend changing default passwords and keeping firmware updated. https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/#p3

thegreatheed, posted June 11, 2018
Comment on that article: "As far as the infection method used to install VPNFilter, the vulnerabilities are different for every model and firmware combination. But they're believed to be known flaws that have already been patched. So what can you do to protect your devices from getting VPNFilter, or any other malicious software? 1) Don't expose administrative interfaces or services to the Internet. Just don't. It's really hard for security professionals to do this, meaning it's basically impossible for regular users. So don't enable remote administration of your router, and don't share your NAS with the Internet. 2) Keep it up to date. Vendors fix vulnerabilities, but that doesn't help you if you don't patch them."

lippavisual, posted June 11, 2018
6 minutes ago, thegreatheed said: "Comment on that article: 'As far as the infection method used to install VPNFilter, the vulnerabilities are different for every model and firmware combination. But they're believed to be known flaws that have already been patched. So what can you do to protect your devices from getting VPNFilter, or any other malicious software? 1) Don't expose administrative interfaces or services to the Internet. Just don't. It's really hard for security professionals to do this, meaning it's basically impossible for regular users. So don't enable remote administration of your router, and don't share your NAS with the Internet. 2) Keep it up to date. Vendors fix vulnerabilities, but that doesn't help you if you don't patch them.'"
This is correct. Basically, if you just bought a router off the shelf, plugged it in and were off to the races, you're vulnerable. With any integrator here that offers networking services and performs those services correctly, you shouldn't have any problems with this BS.
Now for Mikrotik, I only use a Windows program called Winbox to connect to my routers. I disable all remote administration services like telnet, ftp, ssh, web GUI (port 80), etc., and only leave the winbox port open. This, coupled with a strong username and password, is extremely difficult to hack into, especially for moderate home users.
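As an added example (not from any post in this thread), here is the RouterOS lockdown lippavisual describes, expressed as terminal commands, going one step further by restricting winbox to the LAN rather than leaving it reachable from anywhere. It assumes a LAN of 192.168.88.0/24 and a WAN port named ether1 (both assumed, not from the thread).

```routeros
# Added example: harden RouterOS management services as described in the post above.
# Assumptions (not from the thread): LAN subnet 192.168.88.0/24, WAN interface ether1.

# Disable every management service except winbox (telnet, ftp, www, www-ssl, ssh, api, api-ssl).
/ip service disable [find name!="winbox"]

# Winbox stays enabled but only answers to LAN addresses.
/ip service set winbox address=192.168.88.0/24

# Belt and braces: accept return traffic, then drop WAN-side connections to the
# management ports (ftp 21, ssh 22, telnet 23, www 80, www-ssl 443, winbox 8291, api 8728, api-ssl 8729).
/ip firewall filter add chain=input connection-state=established,related action=accept comment="allow return traffic"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 action=drop comment="no management from WAN"

# Second recommendation from the quoted comment: keep the firmware current.
/system package update check-for-updates

# Verify: only winbox should be listed as enabled, with the LAN address restriction.
/ip service print
```

Rule order matters in RouterOS and `add` appends to the end of the chain, so check `/ip firewall filter print` that no earlier accept rule matches WAN input before the drop rule (use `/ip firewall filter move` if it does).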
Pounce, posted June 11, 2018
Again, the actual attack vector is not mentioned. Advising people to set passwords, manage remote admin and keep firmware up to date is just plain basic security. You can do ALL of those things and still be vulnerable. This is simple logic.
This topic is now archived and is closed to further replies.