Hi Sonic community!
I have several security related questions that I haven't been able to find good answers for on the wiki and forums. Since security is a constant battle, I think it's critical that we remain vigilant and scrutinize our home network security configurations to stay safe. If anyone has thoughts or input on these questions, please share as they can benefit everyone!
1. The Pace modems (and probably others) supplied by Sonic support TR-069 as a management interface. Presumably this is the protocol that Sonic uses to remotely communicate with onsite modems. However, this protocol can be vulnerable to attack. See for example http://www.pcworld.com/article/2463480/ ... s-say.html. What protections does Sonic have in place to monitor for and mitigate intrusion attempts?
2. What other possible attacks can be leveraged against our modems? Apart from wireless (see next question), is there any way for attackers to probe or gain entry to our home networks? Are any services running on publicly accessible ports, like ssh or http? Is the modem's management interface accessible from outside the LAN?
3. What best practices should be followed to secure Sonic modems that also serve as wireless access points? Is there any information leakage to unauthenticated users? Are the default passwords secure enough or could they be cracked? When first turned on "out of the box", what are the risks that eavesdroppers could monitor traffic to the WAP and possibly intercept credentials?
I consider myself rather paranoid when it comes to security, but unfortunately I don't feel like I understand the risks since there is so much closed-source code and firmware involved in these modems. What can we do to protect our networks?
Thank you.
I have several security related questions that I haven't been able to find good answers for on the wiki and forums. Since security is a constant battle, I think it's critical that we remain vigilant and scrutinize our home network security configurations to stay safe. If anyone has thoughts or input on these questions, please share as they can benefit everyone!
1. The Pace modems (and probably others) supplied by Sonic support TR-069 as a management interface. Presumably this is the protocol that Sonic uses to remotely communicate with onsite modems. However, this protocol can be vulnerable to attack. See for example http://www.pcworld.com/article/2463480/ ... s-say.html. What protections does Sonic have in place to monitor for and mitigate intrusion attempts?
2. What other possible attacks can be leveraged against our modems? Apart from wireless (see next question), is there any way for attackers to probe or gain entry to our home networks? Are any services running on publicly accessible ports, like ssh or http? Is the modem's management interface accessible from outside the LAN?
3. What best practices should be followed to secure Sonic modems that also serve as wireless access points? Is there any information leakage to unauthenticated users? Are the default passwords secure enough or could they be cracked? When first turned on "out of the box", what are the risks that eavesdroppers could monitor traffic to the WAP and possibly intercept credentials?
I consider myself rather paranoid when it comes to security, but unfortunately I don't feel like I understand the risks since there is so much closed-source code and firmware involved in these modems. What can we do to protect our networks?
Thank you.