How safe is it to open admin access from WAN?

I use the ASUS app, all basic settings, nothing advanced.
 
Don't open the webui to the WAN. Month after month Asus keeps fixing newly discovered security issues specific to the web server, and I still wouldn't trust it outside of a controlled LAN. That web server contains too much custom code, some of which is years old, and wasn't originally written with security in mind.
 
> Don't open the webui to the WAN. Month after month Asus keeps fixing newly discovered security issues specific to the web server, and I still wouldn't trust it outside of a controlled LAN. That web server contains too much custom code, some of which is years old, and wasn't originally written with security in mind.

Amen! Pass the ammo....
 
Not sure about the 382 and 384 branches, but the 380 branch was hacked easily by botnets, as you can see in the following links: link1, link2, link3
Since no one has found how these routers were hacked, it's possible that the vulnerability is still there, so I recommend keeping WAN access off, even with HTTPS-only mode. Yet, it may be one of the vulnerabilities Asus has already fixed. However, I would not take the risk, because last time my router was hacked, they gained admin access (full control) to my router. Luckily, the hack wasn't designed to hack Asus routers; it does not affect the router as much as it would with some other devices.
 
Why would people even think of opening up web GUI or telnet to the outside world? It is crazy...
I suggest you don't use that Asus app. I am sure it has some vulnerabilities.
If you really want, set up your VPN server and access the GUI via VPN. You can do all you want in VPN mode.
 
> Why would people even think of opening up web GUI or telnet to the outside world? It is crazy...
> I suggest you don't use that Asus app. I am sure it has some vulnerabilities.

My goal is to turn on/off parental control when I am at work and my son is at home. Is there any other safe way to do this using a smartphone?

> If you really want, set up your VPN server and access the GUI via VPN. You can do all you want in VPN mode.

Sorry, I didn't get what you mean, this requires opening admin access to WAN anyway, correct?
 
> Sorry, I didn't get what you mean, this requires opening admin access to WAN anyway, correct?

No. Set up the VPN server on your router. Then you can connect to the VPN, which can also make your phone part of the LAN network. Once connected, you can then open the router GUI using the same private IP address that you would use while at home on your LAN.
 
To be specific, you should use the OpenVPN server, not the PPTP one, as OpenVPN is much better in terms of security. In this case, the part exposed to the internet is the OpenVPN server, which has been through lots of security audits. Once your phone/laptop (client) connects to your OpenVPN server at home, it will be able to browse the local network as if you are home, which allows you to access the admin page without exposing it to WAN.

I found this link on how to set up an OpenVPN server.
 
> Not sure about the 382 and 384 branches, but the 380 branch was hacked easily by botnets, as you can see in the following links: link1, link2, link3

Only a few weeks ago, another vulnerability in httpd was fixed on all versions. So as of last month, it STILL wasn't secure.
 
> Why would people even think of opening up web GUI or telnet to the outside world? It is crazy...

Less tech-savvy users don't realize that having a password does not imply that the code behind it is secure enough to be trusted.
 
I unknowingly had "Enable Web Access from WAN" set to yes a few months back. I logged into my router at some point and noticed there were some settings changed. I believe the SSIDs were changed and my Dynamic DNS host name was changed. That "yes" quickly became a "no" once I saw that setting. I never looked at the logs though and haven't had any problems since.
 
> I unknowingly had "Enable Web Access from WAN" set to yes a few months back. I logged into my router at some point and noticed there were some settings changed. I believe the SSIDs were changed and my Dynamic DNS host name was changed. That "yes" quickly became a "no" once I saw that setting. I never looked at the logs though and haven't had any problems since.

Sometimes that is not enough once your router security has been breached. The hacker could have inserted some code that creates a backdoor that you are not aware of and still be able to gain access.

The best way after a known security breach is to format jffs and reflash with a factory settings reset.
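
The post quoted above mentions never checking the logs. The following is an added example, not part of the original thread, that scans router syslog text for web UI logins coming from outside the LAN. The log line format, the sample lines and the function names are assumptions constructed for illustration; adjust the pattern to what your firmware actually writes.

```python
import ipaddress
import re

# Assumed log shape (hypothetical; adapt to your firmware's syslog):
#   "<timestamp> <tag>: login '<user>' <successful|failed> from <ip>:<port>"
LOGIN_RE = re.compile(
    r"login '(?P<user>[^']*)' (?P<result>successful|failed) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

# Constructed sample lines; 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
Jan 12 08:01:10 HTTP login: login 'admin' successful from 192.168.1.23:80
Jan 12 13:44:02 HTTP login: login 'admin' failed from 203.0.113.45:8443
Jan 12 13:44:09 HTTP login: login 'admin' failed from 203.0.113.45:8443
Jan 12 13:45:30 HTTP login: login 'admin' successful from 203.0.113.45:8443
Jan 12 19:20:00 HTTP login: login 'admin' successful from 10.8.0.2:80
Jan 12 19:25:00 kernel: eth0 link up
"""

# Explicit RFC 1918 + loopback list. ipaddress.is_private is not used because
# it also reports documentation ranges such as 203.0.113.0/24 as private.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def wan_logins(log_text, lan_nets=LAN_NETS):
    """Return {source_ip: {"successful": n, "failed": n}} for non-LAN sources."""
    hits = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # digits matched but not a valid IPv4 address
        if any(ip in net for net in lan_nets):
            continue  # LAN or VPN-tunnel client, expected
        counts = hits.setdefault(str(ip), {"successful": 0, "failed": 0})
        counts[m.group("result")] += 1
    return hits

def successful_wan_sources(log_text):
    """External addresses that logged in to the web UI at least once."""
    return sorted(ip for ip, c in wan_logins(log_text).items() if c["successful"])

if __name__ == "__main__":
    for ip, counts in wan_logins(SAMPLE_LOG).items():
        print(ip, counts)
```

Any address returned by `successful_wan_sources` means the web UI was reachable and used from the internet, which is the situation where the reset-and-reflash advice above applies.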
 
> Less tech-savvy users don't realize that having a password does not imply that the code behind it is secure enough to be trusted.

That's why the internet world is crazy now. People go for hi-tech gadgets without security awareness. Imagine routers, phones, smart watches, cameras, air-cons, printers and many more being used as zombies to attack or hack others.
 
> Imagine routers, phones, smart watches, cameras, air-cons, printers and many more being used as zombies to attack or hack others.

No need to imagine it - a lot of recent botnets were, for instance, compromised IP cams.

That's why it's up to companies to step up their game in protecting their customers. Asus took (another) small step toward this with 382 when they removed the ability to open the webui in non-SSL mode to the WAN.
 
So while we are on the topic of access from the internet - what is the feeling on the security of AI Cloud and USB apps from those with experience with this machine? It claims to offer easy access to your USB storage files and PC files from the internet if only you configure things like AI Disk, Cloud disk, Smart access, router to router file sync, Download master through those mostly clumsy screens (though DM seems more modern).

I get the additional impression that security is an afterthought when I go to the AI Cloud 2.0 setting tab where it shows password protection as 'optional' with no documentation or explanations as to how it relates to things like samba where there are also passwords.

Using openvpn seems smarter to get to one's files from the internet. Just thinking out loud.
 
Hard to judge the security of AiCloud since a lot of it is closed source, so experts can't analyze its code.

I still prefer to rely on a VPN myself - it's not that hard to set up, even on a smart phone.
 
