U-verse Forums

Reply
Posted Aug 25, 2013
8:06:20 AM
View profile
NVG589 security

Is there a way to set up security on the NV589 gateway so that the default IP address (192.168.1.254) home page does not show all of the security details (SSID, network key etc) ?

Is there a way to set up security on the NV589 gateway so that the default IP address (192.168.1.254) home page does not show all of the security details (SSID, network key etc) ?

0
(0)
  • Rate this reply
View profile
Solved
Aug 30, 2013 2:53:11 PM
0
(0)
Expert

chavali wrote:

My issue is that any random person (within range of my network) can pull up this page and connect to my network, since the SSID and WPA key are displayed on the home page.


 

How is someone going to pull this page up before they connect?

 

They can't connect to your router without the SSID and WPA key, and they can't display this page that shows them without being connected.  Chicken and egg problem.

 

 

Accepted Solution

NVG589 security

5,738 views
14 replies
(0) Me too
(0) Me too
Post reply
Cancel
Submit
Replies
(14)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 7:15:12 AM
0
(0)
Tutor

Bump - is there really no way to secure this page ?

Bump - is there really no way to secure this page ?

Re: NVG589 security

2 of 15 (5,664 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 7:40:40 AM
0
(0)
Tutor

There is another thread about this same problem related to the NVG510. In short: yes these RGs have crappy security features, and the folks claiming to be "experts" on this forum are being totally dismissive (saying things like "if someone's determined to hack your network, they're going to get in no matter what you do"). My plan is to shut off the NVG589 wireless capabilities and reinstall my old router in a cascade setup (I think there's a thread explaining how to do this, but I don't have the link handy).

There is another thread about this same problem related to the NVG510. In short: yes these RGs have crappy security features, and the folks claiming to be "experts" on this forum are being totally dismissive (saying things like "if someone's determined to hack your network, they're going to get in no matter what you do"). My plan is to shut off the NVG589 wireless capabilities and reinstall my old router in a cascade setup (I think there's a thread explaining how to do this, but I don't have the link handy).

Re: NVG589 security

3 of 15 (5,658 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 10:54:26 AM
0
(0)
Guru
Edited by bauwls on Aug 30, 2013 at 10:54:54 AM

Cutter, what does securing the Modem GUI page have to do with wireless security? To make any changes, you have to enter the Device Access Code listed on the left hand side of your modem, which you can change to suit personal preferences. In order to access the modem GUI page, you have to be connected to the RG via wifi (WPA-PSK TKIP & WPA2-PSK AES) and have the Device Access Code to make any changes.

chavali, I have not found a way thus far to secure the page and not provide perhaps sensitive details. You can prevent making any changes by securing the Device Access Code. CutterB's solution of putting router behind router works as pulling up the default gateway's page will pull up the router's interface with no access to the RG's GUI if they are on different networks.

Cutter, what does securing the Modem GUI page have to do with wireless security? To make any changes, you have to enter the Device Access Code listed on the left hand side of your modem, which you can change to suit personal preferences. In order to access the modem GUI page, you have to be connected to the RG via wifi (WPA-PSK TKIP & WPA2-PSK AES) and have the Device Access Code to make any changes.

chavali, I have not found a way thus far to secure the page and not provide perhaps sensitive details. You can prevent making any changes by securing the Device Access Code. CutterB's solution of putting router behind router works as pulling up the default gateway's page will pull up the router's interface with no access to the RG's GUI if they are on different networks.

Re: NVG589 security

[ Edited ]
4 of 15 (5,645 Views)
0
(0)
  • Rate this reply
View profile
Aug 30, 2013 12:52:02 PM
0
(0)
Tutor
Edited by chavali on Aug 30, 2013 at 12:57:33 PM

Thanks much for the responses.

 

My issue is that any random person (within range of my network) can pull up this page and connect to my network, since the SSID and WPA key are displayed on the home page.

 

I have changed the decive access code and also have a MAC filtering whitelist set up to thwart such access, but it is feeble protection against a determined hacker.

 

Putting another router to act as a firewall is beyond the technical capabilities of a vast majority of customers and it is unreasonable to expect them to install such a solution themselves, let alone troubelshoot issues if/when they occur.

 

I find it astonishing that there is no way to secure this page. I will send a note to AT&T executives and let them know that this is unacceptable
.

 

 

Thanks much for the responses.

 

My issue is that any random person (within range of my network) can pull up this page and connect to my network, since the SSID and WPA key are displayed on the home page.

 

I have changed the decive access code and also have a MAC filtering whitelist set up to thwart such access, but it is feeble protection against a determined hacker.

 

Putting another router to act as a firewall is beyond the technical capabilities of a vast majority of customers and it is unreasonable to expect them to install such a solution themselves, let alone troubelshoot issues if/when they occur.

 

I find it astonishing that there is no way to secure this page. I will send a note to AT&T executives and let them know that this is unacceptable
.

 

 

Re: NVG589 security

[ Edited ]
5 of 15 (5,637 Views)
0
(0)
  • Rate this reply
View profile
Solved
Aug 30, 2013 2:53:11 PM
0
(0)
Expert

chavali wrote:

My issue is that any random person (within range of my network) can pull up this page and connect to my network, since the SSID and WPA key are displayed on the home page.


 

How is someone going to pull this page up before they connect?

 

They can't connect to your router without the SSID and WPA key, and they can't display this page that shows them without being connected.  Chicken and egg problem.

 

 


chavali wrote:

My issue is that any random person (within range of my network) can pull up this page and connect to my network, since the SSID and WPA key are displayed on the home page.


 

How is someone going to pull this page up before they connect?

 

They can't connect to your router without the SSID and WPA key, and they can't display this page that shows them without being connected.  Chicken and egg problem.

 

 

Re: NVG589 security

6 of 15 (5,627 Views)
Solution
0
(0)
  • Rate this reply
View profile
Sep 1, 2013 2:16:37 PM
0
(0)
Tutor

Thanks - I see your point - I guess I was overthinking (or underthinking ?) the issue - appreciate you pointing out the flaw :-)

 

Srini

Thanks - I see your point - I guess I was overthinking (or underthinking ?) the issue - appreciate you pointing out the flaw :-)

 

Srini

Re: NVG589 security

7 of 15 (5,587 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 1:10:58 PM
0
(0)
Tutor

Restricting GUI access (or any other way to administer the device) to hard-wire connections only is the best way to prevent a brute-force attempt to guess the admin password. I laid out in another thread a realistic scenario: Someone "borrows" my smartphone or portable computer, which is set to automatically connect to the network. All he/she has to do is log into the RG to get the key (which is displayed for all to see) and a complete list of all the MAC addresses that are whitelisted. With that information, another more powerful device can be set up to hack the rest of the way in.

Restricting GUI access (or any other way to administer the device) to hard-wire connections only is the best way to prevent a brute-force attempt to guess the admin password. I laid out in another thread a realistic scenario: Someone "borrows" my smartphone or portable computer, which is set to automatically connect to the network. All he/she has to do is log into the RG to get the key (which is displayed for all to see) and a complete list of all the MAC addresses that are whitelisted. With that information, another more powerful device can be set up to hack the rest of the way in.

Re: NVG589 security

8 of 15 (5,530 Views)
0
(0)
  • Rate this reply
View profile
Sep 3, 2013 4:53:00 PM
0
(0)
ACE - Master

And you would loan your smartphone with network access to someone who you don't trust and allow them to leave your sight?  And you're worried about what your RG displayed to someone authenticated or physically connected?

 

And you would loan your smartphone with network access to someone who you don't trust and allow them to leave your sight?  And you're worried about what your RG displayed to someone authenticated or physically connected?

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: NVG589 security

9 of 15 (5,510 Views)
0
(0)
  • Rate this reply
View profile
Jul 11, 2014 8:26:48 AM
0
(0)
Contributor

AT&T used to use 2Wire Gateway that used a feature to force anyone visiting 192.168.1.254 to login into the page portal of the gateway. Without login credentials there was not way to view the settings. Now that AT&T U-Verse uses the previous Motorola NVG589 acquired by Arris, anyone who is allowed to use your network can easily see/access to  the 192.168.1.254. In chatting with Arris tech support they claim that AT&T did not request the same feature as 2Wire. Arris has 2 other products that indeed have the feature but AT&T did not want to use. Is AT&T doing a backdoor by restricting the feature?

 

Please AT&T, make the request to Arris to deploy the feature. Thanks.

AT&T used to use 2Wire Gateway that used a feature to force anyone visiting 192.168.1.254 to login into the page portal of the gateway. Without login credentials there was not way to view the settings. Now that AT&T U-Verse uses the previous Motorola NVG589 acquired by Arris, anyone who is allowed to use your network can easily see/access to  the 192.168.1.254. In chatting with Arris tech support they claim that AT&T did not request the same feature as 2Wire. Arris has 2 other products that indeed have the feature but AT&T did not want to use. Is AT&T doing a backdoor by restricting the feature?

 

Please AT&T, make the request to Arris to deploy the feature. Thanks.

Re: NVG589 security

10 of 15 (3,136 Views)
0
(0)
  • Rate this reply
View profile
Jul 11, 2014 9:28:10 AM
0
(0)
ACE - Master

The 2WIRE's do the same thing on the current firmware: ff you have access to the router, you can see the WiFi password.

 

Which really isn't the end of the world, though I agree it's not the best security practice.  I believe AT&T did that to try to prevent support calls asking what the initial value was, since if they could not see it on the sticker, then they weren't going to see the system password on the sticker either (which it would take to log in to see the password).

 

The 2WIRE's do the same thing on the current firmware: ff you have access to the router, you can see the WiFi password.

 

Which really isn't the end of the world, though I agree it's not the best security practice.  I believe AT&T did that to try to prevent support calls asking what the initial value was, since if they could not see it on the sticker, then they weren't going to see the system password on the sticker either (which it would take to log in to see the password).

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: NVG589 security

11 of 15 (3,129 Views)
0
(0)
  • Rate this reply
View profile
Jan 2, 2015 9:10:42 AM
0
(0)
Contributor

@somejoe - unfortunately this answer is useless.  There are plenty of reasons why an admin login screen matters and its not a chicken and an egg problem.  At my house I have a teenager that is on the network but I want to stop him from accessing the configuration of the router.  without a login screen he has full access to change what ever he wants.  

 

Again, is the consensus that this device doesn't offer an admin login screen to limit access to the router's configuration?  Has any expert worked out a reasonable alternative solution?

@somejoe - unfortunately this answer is useless.  There are plenty of reasons why an admin login screen matters and its not a chicken and an egg problem.  At my house I have a teenager that is on the network but I want to stop him from accessing the configuration of the router.  without a login screen he has full access to change what ever he wants.  

 

Again, is the consensus that this device doesn't offer an admin login screen to limit access to the router's configuration?  Has any expert worked out a reasonable alternative solution?

Re: NVG589 security

12 of 15 (828 Views)
0
(0)
  • Rate this reply
View profile
Jan 2, 2015 9:15:13 AM
0
(0)
Contributor

@JEFFER - the real issue is about restricting admin access to just the home network admin.  All these responses are basically saying it can't be done and you're using 'social' examples for why it doesn't matter.  you probably don't have a teenager living at home who needs his chain yanked every so often.  today when I rebooted the router, my browser connection immediately went to the router summary screen when I tried to connect to google (that's an interesting bug but not relevent to this).  I don't want my teenager locking me out of my router, forcing me to reset the device.

 

sounds like the bottom line here is that the device doesn't offer this basic capability.

@JEFFER - the real issue is about restricting admin access to just the home network admin.  All these responses are basically saying it can't be done and you're using 'social' examples for why it doesn't matter.  you probably don't have a teenager living at home who needs his chain yanked every so often.  today when I rebooted the router, my browser connection immediately went to the router summary screen when I tried to connect to google (that's an interesting bug but not relevent to this).  I don't want my teenager locking me out of my router, forcing me to reset the device.

 

sounds like the bottom line here is that the device doesn't offer this basic capability.

Re: NVG589 security

13 of 15 (827 Views)
0
(0)
  • Rate this reply
View profile
Feb 25, 2015 5:25:11 PM
0
(0)
Contributor

I agree with @NimbleThunder 


With no password protection anyone that's in my network (ie. my kids) can:
- reset my wireless network
- restart my phone line

- restart the router/modem itself basically knocking everyone off of wireless and ethernet

Reseting it whenever they want regardless of what I'm doing.  All with virtually no log of who it was that pushed the button.

 

A simple sign-in page would solve this easily - is that really too much to ask?

I agree with @NimbleThunder 


With no password protection anyone that's in my network (ie. my kids) can:
- reset my wireless network
- restart my phone line

- restart the router/modem itself basically knocking everyone off of wireless and ethernet

Reseting it whenever they want regardless of what I'm doing.  All with virtually no log of who it was that pushed the button.

 

A simple sign-in page would solve this easily - is that really too much to ask?

Re: NVG589 security

14 of 15 (190 Views)
0
(0)
  • Rate this reply
View profile
Feb 25, 2015 6:16:51 PM
0
(0)
ACE - Master

Um... really? 

 

You know, you can change the "System" or "Admin" password, which is needed to reset the router.  Oh, but pulling the plug works, too.   Dang, sorry about that.  And the "System" or "Admin" password doesn't show on any screen (just the sticker on the side, but as I said, you can change that).  It's also needed to change any parameters.  So... exactly what are you complaining about again?

 

 

 

Um... really? 

 

You know, you can change the "System" or "Admin" password, which is needed to reset the router.  Oh, but pulling the plug works, too.   Dang, sorry about that.  And the "System" or "Admin" password doesn't show on any screen (just the sticker on the side, but as I said, you can change that).  It's also needed to change any parameters.  So... exactly what are you complaining about again?

 

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: NVG589 security

15 of 15 (178 Views)
Share this post
Share this post