1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Are ASUS remote connetions Secure

Discussion in 'ASUS Wireless' started by Col8eral, Apr 22, 2018.

  1. Col8eral

    Col8eral Occasional Visitor

    Joined:
    Jan 26, 2017
    Messages:
    42
    I have an ASUS RT-AC88U router. Ive been exploring some of the remote connect features and wondered how secure they are. I really like some of these features but before exposing my home network to the big bad world i wondered if people could share their thoughts on how secure they are.

    Here's the features I'm referring to:

    SSH Connection

    Under admin>system there is an ability to switch on SSH as well as select LAN or WAN connectivity. Once enabled I can connection the router and the USB attached storage using sftp . Is this secure?

    AiCloid 2.0

    Cloud disk lets me access files on USB attached storage is a DDNS https link. Is this secure?
    Smart access lets me connect to other devices on my network via the same DDNS https link.

    USB Application

    SAMBA. I assume this is LAN only so protected from the outside world?
    ftp Share. if enabled this lets me access my USB attached storage via ftp link through the DDNS service. Is this secure?

    looking forward to your thoughts and experinces
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    5,169
    Location:
    UK
    How secure are they? I suppose the answer would be, "as secure as the time it takes to find the next vulnerability".

    The SSH server is dropbear. As far as I know it's pretty secure.
    No idea.

    USB Application
    Samba should never be exposed to the internet (I don't believe that's an option), unless it's tunnelled through a VPN, etc. It is inherently a LAN protocol.
    Whilst the ftp server (vsftpd) is pretty robust, the normal FTP protocol is totally insecure. All data including user names and passwords are sent over the wire in plain text. Man in the middle attacks are trivial. Merlin added support for TLS encryption, so that should be fairly secure.
     
  4. Col8eral

    Col8eral Occasional Visitor

    Joined:
    Jan 26, 2017
    Messages:
    42

    Thank you colin. In regard to ftp I notice that TLS is switched off by default. I dont know anything about network security. Would enabling TLS for ftp meaan it is as secure as sftp?
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    5,169
    Location:
    UK
    In terms of encryption I think they'd be about the same (although I'm not an encryption expert). But it should be secure enough for the average home user. I don't think the NSA/FSB are interested in you enough for them to dedicate their resources to hacking your traffic.:D

    The actual problem is vulnerabilities in how it is implemented. On the face of it opening up HTTPS to the router should be secure. But as we have seen time and again it isn't. That's not a problem with HTTPS, it's a problem with the code that implements it. Likewise, OpenSSL was regarded as the gold standard for encryption and then the Heartbleed bug was discovered. Again, a bug in the implementation of TLS not the protocol itself.

    What protocol you use is usually dictated by what you want to do at the client end. There's no point setting up an FTP server if you actually want command line access to the router (FTP doesn't support that). Likewise, there's no point setting up a VPN server if the person that needs access doesn't have a VPN client (or the ability to install and configure it).
     
  6. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    26,930
    Location:
    Canada
    SSH, OpenVPN and IPSec (on supported models) are the only remote access methods I would trust enough to use. No idea how secure AiCloud is since it's proprietary closed source code, and the FTP server is old (and under Asus stock firmware it doesn't even support TLS, so everything is unencrypted).

    Samba support is limited to LAN-side.
     
  7. Col8eral

    Col8eral Occasional Visitor

    Joined:
    Jan 26, 2017
    Messages:
    42
    Haha. You never know my holiday snaps might be important to national security!
    Im not using the stock firmware and their is an option to enable TLS.

    My main requirements are quite simple:

    1. allow me to upload and retrieve files remotely. Looks like I'll be best using the SSH for sftp and use a client like WinCP. An open question - am i better off using username and password or using a private key?

    2. all me and family to auto sync pictures from their android phones to keep back up. I assume I can use the same method as 1. above. Just need to find a good android app to do the job. I'd prefer it to sync automatically, to make it a fire and forget feature

    3. I'd like to be able to provide my children with remote access for backup storage for school and university work. The problem I face here is they wont use WinCP. I need to find a way to make it simple for them but maintain some sort of security.
     
  8. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    26,930
    Location:
    Canada
    Private keys are always much more secure.
     
  9. LukeH

    LukeH Occasional Visitor

    Joined:
    Apr 9, 2015
    Messages:
    29
    For #1 and #3 you could try https://hqt.ro/owncloud-through-lighttpd-entware-ng/ (if you put chrooted debian from the same site guides it can be installed with apt-get) and use it trough it's web interface. For #2 possibly it's android client would be useful but as far as I remember that piece is not free.
    Can't give an educated advice on it's security as myself I always used it with VPN only - which probably won't work with your #3 but ok for the others.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!