What's new

Risk level remotely connecting to router webui over http?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Axxel6307

Occasional Visitor
Once in awhile away from home i need to open my asus webui app to connect to my router to turn router off remotely when i don't want my wifi running.

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?
 
Last edited:
...open my asus webui app to connect to my router to turn it off remotely.
Turn what off? Remote access? The router (there's no option to do that)?

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?
Yes. But the much bigger problem is that Asus' HTTP web server is easily hackable and if it's normally open to the WAN it's just a matter of time (whether you're away from home or not)...
 
Turn what off? Remote access? The router (there's no option to do that)?

Yes. But the much bigger problem is that Asus' HTTP web server is easily hackable and if it's normally open to the WAN it's just a matter of time (whether you're away from home or not)...

No, i mean shut my router off remotely using the webui.

So if its too risky leaving wan access enabled whether over https or http, is there a workaround way to connect to my router remotely?
 
No, i mean shut my router off remotely using the webui.
I'm still not sure what you mean by "shut my router off". Do you mean physically power off the router? - There's no option for that. Or do you mean "disable the remote access features"?

So if its too risky leaving wan access enabled whether over https or http, is there a workaround way to connect to my router remotely?
Yes, use the OpenVPN server on the router and connect to that.
 
I'm still not sure what you mean by "shut my router off". Do you mean physically power off the router? - There's no option for that. Or do you mean "disable the remote access features"?

Yes, use the OpenVPN server on the router and connect to that.

I'm sorry you are right. I meant reboot my router. I just said shutoff for simplicity since It's another can of worms why I need to reboot it remotely lol.
Anyway, thanks for the info bud.
 
I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?

The vast majority of home routers have very poorly written web servers, which are constantly the target of attacks. Don't expose your router's webui to the Internet, you are highly likely to have it compromised. Asus for instance fixes new web-related issues every few months, and Netgear recently recommended to their users not to expose their router's WAN to the Internet as a protection against the VPNFilter malware.

Use a VPN tunnel.
 
Once in awhile away from home i need to open my asus webui app to connect to my router to turn router off remotely when i don't want my wifi running.

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?

I suggest you reflash, reinitialise (factory default) if you have been leaving your router open to WAN via the asus app for some time.
Don’t use Asus app at all and NEVER open Wan access or ssh. Use OpenVPN server access via openvpn connect (iOS/android).
Good luck if you choose to leave it open.
 
Why is OpenVPN safer than SSH via keys only (i.e., no password)?

The openvpn code was recently audited. I don't think dropbear code ever was.

The increased security lies in the underlying code, not in the authentication mechanism itself.
 
Thanks.

Maybe I should indeed disable SSH over WAN and use it over OpenVPN instead.
 
The openvpn code was recently audited. I don't think dropbear code ever was.

I'll have to thank @Xentrk for popping this thread up...

Dropbear, while not having gone thru the openvpn audit, is fairly secure - use certs, and it's very secure...
 
Link is broken... please post again.

The member you quoted does not visit SNB Forums anymore and you replied to a thread >6 years old.

If you need OpenVPN access back to your home network just set OpenVPN server on your router, export the *.ovpn configuration file and import it on the client device you'll be using to access your network. You may need to install OpenVPN Connect application on this device, available for multiple platforms. If you have Dynamic WAN IP address you have to use DDNS service. Use search for more details, the matter was discussed multiple times.
 
Enable SSH from the lan, then connect to the router using OpenVPN. You can then connect vis SSH.
That sounds very convoluted.
The normal practice is generating a certificate on the client machine and produce a client SSL cert to install on the server and configure the SSH client to use certificate authorization.

even though this post was dusty, it needed a correct answer.
 
That sounds very convoluted.
The normal practice is generating a certificate on the client machine and produce a client SSL cert to install on the server and configure the SSH client to use certificate authorization.

even though this post was dusty, it needed a correct answer.

By using openvpn we avoid exposing the ssh server to the Web. Which method is more secure?
I'll stick with what I know, thank you.
 
Similar threads
Thread starter Title Forum Replies Date
PR3MIUM News Windows build 2024 and Ai Recall - Security Risk General Network Security 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top