Is ATA safe if BGW security options turned off?

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
4 posts Page 1 of 1
by emberson » Tue Nov 16, 2021 8:44 am
I think the following applies to both the BGW210 and BGW320.

I've got Sonic Fiber-to-Node with a BGW210.
The Sonic ATA is connected to the BGW210.
Also, I am using the BGW210 WiFi.
I am in the process of getting and then installing a new router.

Anyway, with the new router and the BGW210 in pass-through
mode, if I turn off the BGW210's security (Firewall stuff)
will the ATA be safe?
Could someone attack it from the internet?
For instance, by initiating a VoIP session?

Secondary question, with the BGW210's security off but
keeping the BGW210's WiFi on and using it, could someone attack
a computer using that WiFi?
I notice that when two laptops are using the BGW210 WiFi, then in
the BGW210 "List Links" page, the DHCP IP addresses of the connected
laptops are displayed and I can SSH from one to the other. Could an
outside attacker also find out the DHCP IP addresses and
then try to attack the laptops?

So, is the solution to rely on the security of the new
router having connected it with one of the BGW210's Ethernet ports
and not have anything else connected to the remaining Ethernet ports,
not even the ATA and do not have your machines use the BGW's WiFi
(the WiFi can still be on as a backup way for you to get into the BGW)?

Thanks.
by ngufra » Tue Nov 16, 2021 12:29 pm
I don't know enough about your specific devices but some general notes:
The ATA is connected to the internet. Not sure if you had to open a port on the router so that it can receive inbound connections or if it's using upnp or if it keeps an outbound connection opened.

If it can receive connections, they are probably authenticated.
Any device can have security issues. If it gets compromised, you want to limit its access to your network. One thing you can do is put the ATA on a vlan set so it can access internet but nothing else (so it does not have access to your local network)
by charles2 » Tue Nov 16, 2021 6:44 pm
Your local network broadcasts its SSID so that you can find the LAN on your devices. The SSID is visible to any wi-fi device within range and able to listen on the same channel. However, WPA2 wi-fi security is good. After all, how often do you hear about someone becoming a victim because this security was broken?

I have a BGW210 connected to the Internet and another router behind it. I turned off the wi-fi radios in the BGW210. It works, but it doesn't improve security.
by js9erfan » Wed Nov 17, 2021 5:45 am
If you're concerned about the ATA device security then just connect it to your new router downstream from the BGW210. Or leave it connected to the BGW210 with the firewall functions enabled for that port. You can still configure passthrough for your new router. I have it configured this way for a location in Sebastopol so when I have to reboot the downstream router remotely or make config changes the ATA will remain connected to Sonic and phone service still available. As long as the ATA has an outgoing connection to Sonic you're good.

As for the wifi concern a person would need to be within range and have your wifi password (assuming you're using one) to gain access to your BGW210 so a strong password is always a good idea. There are many ways to get hacked but chances are it will be due to other vulnerabilities and/or human error...
4 posts Page 1 of 1

Who is online

In total there are 28 users online :: 0 registered, 0 hidden and 28 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 28 guests