Results 1 to 12 of 12
  1. #1
    New Lounger
    Join Date
    Dec 2010
    Location
    Fayetteville, NC, USA
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Do I have a security concern?

    I appear to have a security or hardware problem as follows.
    My new cable modem/router password resets to the default password upon recovery from an upgrade or power out event. A remote technician was able to make configuration changes without my admin password.
    My Question are:
    1. Is it possible that the modem/router is not working correctly and that the admin password should not reset to the default after an upgrade or power outage?
    2. Is it common practice for remote technicians to have the capability to reset options on devices connected to the network?
    3. Are my security concerns justified?
    4. If my concerns are justified, are there consumer grade cable modems available that are not as vulnerable to outside tampering?

  2. #2
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,724
    Thanks
    95
    Thanked 126 Times in 123 Posts
    I appear to have a security or hardware problem as follows. My new cable modem/router password resets to the default password upon recovery from an upgrade or power out event. A remote technician was able to make configuration changes without my admin password. My Question are:
    1. Is it possible that the modem/router is not working correctly and that the admin password should not reset to the default after an upgrade or power outage?
    ** Your ISP tech can answer this question, I don't know the answer. **
    2. Is it common practice for remote technicians to have the capability to reset options on devices connected to the network?
    ** Yes, AT&T for example, reset my external router/modem's account number [it's a geek thing, it is not the router default password]. Yes, if you ok it, a remote connection can be made to help you get things working smoothly.**
    3. Are my security concerns justified?
    ** Yes, remember Ronald Reagan's "Trust but verify," yes, you're certainly justified having security concerns. Balance functionality and security on the same see-saw, be able to monitor and protect AND be able to do what you want.**
    4. If my concerns are justified, are there consumer grade cable modems available that are not as vulnerable to outside tampering?
    ** I'm not sure you want to be completely cut off from a real live remote tech from your ISP. Tamper-proof, yes! I think you can purchase industrial grade Cisco or Netgear router/modems that are the Green Beret of security. Just make sure your ISP recognizes the device. **
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  3. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    Your router should retain the password you set even after a power off. It may be possible to change some values via UPnP.
    What model router.

    cheers, Paul

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,609
    Thanks
    147
    Thanked 870 Times in 832 Posts
    My ISP uses TR-069 which can be disabled in the router - check to see if you have that, but if it's required for auto firmware updates then you should leave it.

    The techs won't be tampering unless absolutely necessary.

    http://www.incognito.com/tips-and-tutorials/faq-tr-069/
    Last edited by Sudo15; 2014-11-24 at 11:25.

  5. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Northern California
    Posts
    326
    Thanks
    15
    Thanked 142 Times in 91 Posts
    I don't think your modem/router/gateway device should be losing the admin pwsd after a power cycle, though whether it should do so after an upgrade is less definitive. Think of the parallel with upgrading PCs or cell phones. There are a lot of factors, and some device upgrades will retain your custom settings while some don't.

    Yes, it is common for your ISP to have a kind of remote, "superuser" access to your device. If you're worried about the security of your home network, you can always add your own router behind the ISP's device.

    If you have phone service bundled with internet and/or TV, note that increasingly ISPs are switching to a strategy of splitting out the phone line at the modem rather than at the service box on the side of the house, as used to be common. That means you need a special, "telephony" (aka, eMTA) cable modem. If your ISP lets you provide your own, the choice of devices is more limited and harder to find. For example, on this list of approved Comcast cable modems you'll notice there aren't really a lot of telephony choices.

  6. #6
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,153
    Thanks
    31
    Thanked 306 Times in 266 Posts
    Quote Originally Posted by bwhitney View Post
    I appear to have a security or hardware problem as follows.
    My new cable modem/router password resets to the default password upon recovery from an upgrade or power out event. A remote technician was able to make configuration changes without my admin password.
    My Question are:
    1. Is it possible that the modem/router is not working correctly and that the admin password should not reset to the default after an upgrade or power outage?
    2. Is it common practice for remote technicians to have the capability to reset options on devices connected to the network?
    3. Are my security concerns justified?
    4. If my concerns are justified, are there consumer grade cable modems available that are not as vulnerable to outside tampering?
    1. If by "power out event" and "power outage" you mean an unexpected mains power failure (such as often caused by lightning strikes), then yes, that can cause a modem/router to reset itself to default configuration and so lose a custom "admin" username/password. A firmware upgrade can also cause a customised configuration to be lost.

    2. Yes, but as I understand it they can access only the modem/router and not any other connected devices (unless you have given "remote desktop" access of course).

    3. I really doubt it.

    4. You are better-off sticking with the modem/router supplied by your ISP. Installing a 3rd-party modem/router would risk creating more problems than it might appear to solve.

    If you "power-cycle" your modem/router (turn off the power to it then turn the power back on) it should not lose its configuration.

    Virtually all modem/routers have a small "reset" switch somewhere, almost always under a hole, which can be used to reset the unit's configuration, including admin username/password to the unit's defaults. I have several times encountered customers who misunderstood the meaning of "reset", and who lost their unit's configuration by mistakenly trying to use the reset switch to "power-cycle" the unit.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  7. #7
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    965
    Thanks
    661
    Thanked 58 Times in 57 Posts
    You can also consider saving the configuration you set up. Ask your technician how to do that on your unit. The idea is if there is an issue with your unit and it either resumes to its default settings or is done on purpose for what ever reason; afterward you can restore your configuration to what it was before a problem. That's what I have on my Netgear wireless router. Since your unit is ISP provided you can ask hem if you can do the same and how to do so
    BTW, on your comment about the password resetting to its default password under the conditions you mention, is that essentially a common occurrence?

  8. #8
    Star Lounger
    Join Date
    Dec 2009
    Location
    Los Angeles, CA
    Posts
    72
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Misc. comments: You can ask your ISP for separate modems for the phone and internet. I have done that and it works fine. I have also had them turn OFF the router in their internet modem and purchased a high end router for myself. That also works good.

  9. #9
    Lounger
    Join Date
    Dec 2009
    Location
    Phoenix, AZ
    Posts
    29
    Thanks
    1
    Thanked 1 Time in 1 Post
    It is possible but unlikely that the battery in the unit is dead. Usually the battery is intended to avoid just the problem you describe. If there is a power outage, the battery - often a common button battery - provides enough power to save the configuration. While possible, a dead battery is not likely the cause just because those batteries are called on so little that they last many years.

  10. #10
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    I wouldn't expect routers to have batteries, a little bit of RAM is cheaper and more reliable, especially as the RAM is already used for the firmware.

    cheers, Paul

  11. #11
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,140
    Thanks
    101
    Thanked 579 Times in 464 Posts
    This current WSL post - Network-accessible external hard drive - shows that the router in question (in the post) has a battery.

    See here for specifics of installing and removing the battery.

    It appears that at least one router used in the US uses a battery.

    cheers, Rick
    Last edited by Rick Corbett; 2014-11-29 at 18:47.

  12. #12
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by Rick Corbett View Post
    This current WSL post - Network-accessible external hard drive - shows that the router in question (in the post) has a battery.

    See here for specifics of installing and removing the battery.

    It appears that at least one router used in the US uses a battery.

    cheers, Rick
    That battery is only for telephone service during the first 8 hours of a power outage though, as it's a cable modem and wi-fi router which includes telephony.

    I have a similar model and haven't yet bothered to pay Comcast $40 for a battery; but the wi-fi router part retains its settings when I disconnect it from power.

    Bruce

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •