What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Could a router be hacked from WAN end if firmware always up to date, no portwarding, no upnp and wifi disabled.

J

johnqhu

Occasional Visitor
Hi,

I'm trying to setup some servers to host some applications which I can access from Internet. So, some ports of my router may need to be open to public. Of course, I'll try to implement reverse proxy, https and firewall to make is as safe as possible.

But to further secure my important data, I'm considering split my home network into two layers. What I have now are one asus rt-ac86u router and one synology rt2600ac routers. I think they both are just consumer routers.

I'm planning to put Synology router for Internet connection. Its WAN holds public IP address, and the LAN subnet is set to 192.168.1.0/24. The servers I want to access from Internet are in this subnet. Port forwarding has to be enabled for the Synology router.

The Asus router is behind the Synology router. Its WAN is in Asus router LAN subnet, for example, the WAN IP address is set to 192.168.1.100 and its LAN subnet is set to 192.168.10.0/24. All my working PCs and NAS are in this subnet. Wifi, port forwarding and upnp of Asus router are all disabled. The default admin account also changed. And let's assume the firmware of the routers are always up to date.

So, my question is:
1. If somehow my Synology router was hacked because of the port forwarding, could the hacker be able to further hack my Asus router?
2. If the answer of the first question is Yes. Then comparing to just put the Asus router facing Internet (no upnp, no port forwarding, no server could be accessed from internet), does the data behind the Asus router have the same security for both scenario? I just care the security of my working PC and NAS data. The servers are not important.

Thanks,
 
Everybody ends up with software bugs. You have to pick a company and trust them.
It is one of the reasons I use Cisco.
 
johnqhu said:
Hi,

I'm trying to setup some servers to host some applications which I can access from Internet. So, some ports of my router may need to be open to public. Of course, I'll try to implement reverse proxy, https and firewall to make is as safe as possible.

But to further secure my important data, I'm considering split my home network into two layers. What I have now are one asus rt-ac86u router and one synology rt2600ac routers. I think they both are just consumer routers.

I'm planning to put Synology router for Internet connection. Its WAN holds public IP address, and the LAN subnet is set to 192.168.1.0/24. The servers I want to access from Internet are in this subnet. Port forwarding has to be enabled for the Synology router.

The Asus router is behind the Synology router. Its WAN is in Asus router LAN subnet, for example, the WAN IP address is set to 192.168.1.100 and its LAN subnet is set to 192.168.10.0/24. All my working PCs and NAS are in this subnet. Wifi, port forwarding and upnp of Asus router are all disabled. The default admin account also changed. And let's assume the firmware of the routers are always up to date.

So, my question is:
1. If somehow my Synology router was hacked because of the port forwarding, could the hacker be able to further hack my Asus router?
2. If the answer of the first question is Yes. Then comparing to just put the Asus router facing Internet (no upnp, no port forwarding, no server could be accessed from internet), does the data behind the Asus router have the same security for both scenario? I just care the security of my working PC and NAS data. The servers are not important.

Thanks,
Click to expand...
1. Yes.
2. No matter what you do, the server makes your system get hacked.

Don't expect anything with consumer grade network devices.
 
coxhaus said:
It is one of the reasons I use Cisco.
Click to expand...
Even Cisco has issues ... and of course they aren't consumer-grade.
arstechnica.com

“Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day

An unknown threat actor is exploiting the vulnerability to create admin accounts.
arstechnica.com arstechnica.com
www.tomshardware.com

Backdoors Keep Appearing In Cisco's Routers

Five different backdoors were found in Cisco's software this year, and Cisco's history with backdoors goes back many years.
www.tomshardware.com www.tomshardware.com
www.bleepingcomputer.com

US and Japan warn of Chinese hackers backdooring Cisco routers

A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
www.bleepingcomputer.com www.bleepingcomputer.com
techcrunch.com

Hackers exploit zero-day to compromise tens of thousands of Cisco devices | TechCrunch

Hackers have exploited an unpatched zero-day vulnerability in Cisco’s networking software to compromise tens of thousands of devices, researchers have
techcrunch.com techcrunch.com
 
Cisco is probably the most hacked network devices in the world. But Cisco fixes things as they come up fairly quickly. Better than most.
 
You must log in or register to reply here.

Similar threads

M
How to NAT traffic inbound to a specific host or network ?
Replies
6
Views
402
mekabe remain
M
Philip Bondi
HOWTO: Bell Fibe with Private Cloud; port forwarding; email, web & Plex servers running!
Replies
1
Views
159
Philip Bondi
Philip Bondi
P
Need help testing a peculiar configuration
Replies
2
Views
195
Patrick9876
P
H
New ISP router has no guest network. How to separate IOT devices?
Replies
5
Views
291
tgl
T
R
Disable Intranet access for a LAN port (not the WiFi Guest network)?
Replies
13
Views
836
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
Zakalwe Router [AX-86U] Hacked General Network Security 18
M How to prevent being hacked again - Router & devices? 😢 General Network Security 24
O US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks General Network Security 14
J CSA rates router security and lifespan General Network Security 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 591 (members: 19, guests: 572)
Back
Top