No worries, the manufactures will patch those holes, right?According to the study, some will and some won’t. Like security expert Darren Kitchen pointed out, many SOHO routers are “made in China and Taiwan, and they’re rushed out the door. There’s not a consumer demand for security; it’s not a feature that will sell it.” Meaning you are getting what you pay for. If the vendor is a higher class business with a team of dedicated engineers to frequently update their firmware to negate new found vulnerabilities how good are you at remembering to update your network infrastructure?I’m good with patching so I’m in the clear.Probably not. Even network administrators who purchase enterprise grade hardware and are meticulous about patching firmware (sure they are) rarely implement it properly. Staffing concerns, budgets, moving from a test environment to a production environment without tightening settings are all hurdles that must be crossed. Think of how many networks you’ve been on where the admins assume that their WPA2 PSK authentication is keeping their organization’s data safe. Far too many. PSKs (Preshared Keys) are all too common in the enterprise world. Rainbow Tables allow hackers to pre-compute hashes for all password combinations of usually 15 characters or less for the top 100 most common SSIDs. All the hacker has to do is sit back, capture your handshake and run your hash through their tables until they have your password. Once they have your password, they can listen to all of your communication unencrypted. Of course, why even bother with that when you can hijack the session and become the Man In The Middle (MITM)and intercept all of the end user’s passwords by proxying their session? It’s easy. The tools are available and hackers are using them…on you.Ok I’m scared, what can I do?s2s recommends Cisco Meraki hardware for all of your firewall, WiFi and switching needs. Why? Meraki can negate the MITM attack by using WPA2-Enterprise with SSL certificates so that you can be sure that you are connecting ONLY to your company’s access points. Additionally, Meraki firmware updates come out on a monthly basis and can auto install on the day/time of the week of your choosing so that you always are patched for the latest vulnerabilities. Plus, with their built in Sourcefire IDP engine they are able to scan for Day 1 events and Day 0 abnormalities. Not only that, each Access Point has a fully functional Layer 7 firewall to protect your network from segments that may require PSK authentication.There are many advantages to using Cisco Meraki for your hardware and a Meraki MSP like s2s to configure your network securely. Why don’t you shoot us an email so that we can get to your network before the hackers get to your data?
If you are in the security community, this information may not come as a surprise to you. If you’ve bought commercial-grade routers for your enterprise organization you may have assumed this might be the case but your finance department has made burying your head in the sand your only alternative. Let me unbury you — A 2013 case study by Security Evaluators shows that all 14 of the top SOHO WiFi routers were susceptible to exploitable vulnerabilities by moderately skilled adversaries from inside or outside of your network.