What's new

SmallNetBuilder - Secure By Default certification test

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

umarmung

Senior Member
As security concerns, cyberattack sophistication and the enormous and increasing attack surface of the Internet of Things (IoT) devices ramps up, has SmallNetBuilder considered adding a "Secure By Default" or some other very clear indication that a newly reviewed networking infrastructure device has an externally secure and securable WAN interface?

It does not have to include a full suite of security tests. In fact, that may be counter productive when both the main concern and the most powerful tool is simply that a device can be confirmed as not running any open services, and preferably no open ports on the WAN by default.

You could even slap a prominent logo or SNB Thumbs Up certification on the router (making clear which firmware it was tested on too).

This would add a lot of value both for new devices and existing review stock.

In short, the Internet seems to have a huge information gap. Between general security testers like GRC's Shields Up, including its Instant UPnP probe, who offer tests after the fact, i.e. when these devices are already deployed in the wild when its too late for most people and they are almost un-maintainable, versus the point at which even non-technical consumers are most active doing basic research into the market about the networking equivalent of which tactical nuke to bring home ...

Can SmallNetBuilder help?
 
I think part of the challenge is that the security and vuln landscape is constantly evolving - the tools that can be used only can only test against known threats, and even they need constant updating...

@thiggins did have a test box at one time that did check for certain security issues in reviews, but it's been some time back, and I'm not certain if that box is still on the bench.
 
I no longer have the CDRouter product from QA Cafe.

The best I could do would be to port scan the WAN port and report what is seen. I don't know if would be worth the effort.
 
I no longer have the CDRouter product from QA Cafe.

The best I could do would be to port scan the WAN port and report what is seen. I don't know if would be worth the effort.

A quick NMAP scan (or other tool like Metasploit) on both the WAN and LAN ports, but even then, that would only consist of things that the tool would know about...

I agree - not sure it's worth the effort (and risk, threats emerge every day)
 
i usually give a simple advice on how to check your router, usually involving a tedious scan and seeing if you can find anything but also not blocking the scan as well (for those firewall logic freaks).

All WAN interfaces need to be secured, and Access from LAN should be limited and planned. Make sure to block 0.0.0.0 and if you are worried about your router's implementation of a needed service (DNS, NTP, any other service), then have it run from another devices instead and port forward to that device if you have to. I also suggested on specific whitelisting for your router's services as well.

Truely theres no such thing as a security test and a sticker of approval to slap on as in order to be secure, one must take steps to ensure it as user level configuration is a big part of it not just the manufacturer.
However the one brand that i will scorn forever is dlink and im sure everyone here will agree about that. Even their services that came with some of their routers were exploitable too alongside various other vulnerabilities in their firmware.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top