Motorola NVG510 Security

Contributor

Motorola NVG510 Security

Does it concern anyone that when you go to your NVG510 IP (192.168.1.254)  the initial status screen that comes up shows your SSID and Network Key?  I have my 510 password protected and all security options implemented including SSID not transmitting, but if you can see what you need with no password required.  You do need a password to change anything, but isn't the damage already done with this initial status screen?

I turned on MAC filtering which prevents any non authorized user from getting to this point, but is there a way to require the password to access even this initial status screen?

Message 1 of 9 (6,025 Views)
Professor

Re: Motorola NVG510 Security

No, there is no damage. And hiding the SSID is not going to do anything.
________________________________________________________________

"Ren: Now listen, Cadet. I've got a job for you. See this button? Don't touch it! It's the History Eraser button, you fool!

Stimpy: So what'll happen?

Ren: That's just it. We don't know. Maybe something bad, maybe something good. I guess we'll never know, 'cause you're going to guard it. You won't touch it, will you?"
________________________________________________________________
Message 2 of 9 (6,022 Views)
Tutor

Re: Motorola NVG510 Security

One would have to be hard wired into the RG to gain access and see the SSID. You can turn off the broadcast and password protect, but if someone wants on your SSID bad enough and knows what they are doing, they are going to get on it no matter what you do or what equipment you have. Of course the odds are pretty low. I think your safe enough with your current measures.

Message 3 of 9 (5,985 Views)

Re: Motorola NVG510 Security

I just got Uverse internet and yes, those are my concerns too.  I thought maybe you had to be hard wired into the RG but tried it from a wireless computer and sure enough, it let me into the RG config pages without asking for a password, and even a new secure 63 character key is there to copy/paste. 

 

I really wanted to use the wireless though, but it doesn't really seem that secure to me.

Message 4 of 9 (5,824 Views)
Expert

Re: Motorola NVG510 Security

Use WPA2 encryption.

 

Change your password (from what comes with the RG).

 

Change your SSID (from what comes with the RG).

 

Use MAC filtering.

 

Message 5 of 9 (5,821 Views)
Contributor

Re: Motorola NVG510 Security

I recently got U-Verse service with NGV-510. The security is bothering me from day one. I cann't believe my eyes when I see the home screen of the device. Without login, you can see SSID, authentication type and network key. So, you can access the router through Ethernet an immediately knowing what the key is. Furthermore, I experience service interrupts these days. Every interrupt (DSL not available) happend one or two mintes. Do you know what happend when there is a service interrupt? NVG-510 NICELY bring up the device home page. That means you don't have to know what is IP, and you still have the chance to get device homepage and get all information.

 

Lately, NVG-510 device password was reset to blank by unknow reason.

 

I definately believe this design is a wrong decision. 

Message 6 of 9 (5,621 Views)

Re: Motorola NVG510 Security


Ripplinger wrote:

I just got Uverse internet and yes, those are my concerns too.  I thought maybe you had to be hard wired into the RG but tried it from a wireless computer and sure enough, it let me into the RG config pages without asking for a password, and even a new secure 63 character key is there to copy/paste. 

 

I really wanted to use the wireless though, but it doesn't really seem that secure to me.



Of course it did, but only after your device was connected. Smiley Wink

 

As long as you take apropriate measures like changing the default SSID and wireless key, turning off SSID broadcast, using WPA2-PSK/AES security, enable MAC Filtering, changing the System password, and even changing the default IP of the router, you should be more than safe enough.

 

 




__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I really want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------
There are three kinds of people, those that can count, and those that can't.
------------------------------------------------------------------------------------
“Our great democracies still tend to think that a stupid man is more likely to be honest than a clever man, and our politicians take advantage of this prejudice by pretending to be even more stupid than nature has made them." :Bertrand Russell

                              

Message 7 of 9 (5,617 Views)
Tutor

Re: Motorola NVG510 Security

Safe enough? Are you kidding me? What if someone "borrows" my phone or my laptop, either of which is set to automatically connect? It would take them seconds to acquire everything they need to get into my network later with their own equipment (it even displays a list of whitelisted MAC addresses, without having to enter the router admin password), then brute force into the router for all kinds of subsequent mischief. It doesn't even have the option to limit admin logins to hardwire devices only! As a router, this RG is clearly an inferior product, and the newer ones are no better (just had mine installed this past Friday, and was SHOCKED at how irresponsible AT&T is about security).

Message 8 of 9 (2,555 Views)
Teacher

Re: Motorola NVG510 Security

[ Edited ]

It is fairly irresponsible to have this page set up like this but its important to note if you let someone borrow your laptop or if they steal it they can get your keys quickly anyway. This is why better wifi devices have guest access keys, but even then the guests still can access your network whenever they want to unless you change it all the time...


But disabling the SSID is useless, renaming the SSID is basically useless unless maybe there is a known expoloitable bug against the device(but that is security by obscurity again), MAC address whitelisting isn't really much more usefull than SSID disabling as you can just watch people log in as they are broadcast in the clear, but that takes a more advanced and determined attack.

 

The only thing that really keeps someone out is a strong WPA2 password in non enterprise situations.  The 2wire devices use all numbers so brute forcing becomes easier if Cisco does the same thing, and they seem to, at least on the WAP that is used for wireless receivers, then changing the password to a strong one would be important.

 

So that brings us back to displaying the only thing that protects the wireless security for free IF you gain phsyical acecss to the router. Is this ideal? absolutley not and I'm not sure why they would do that, but since most people who purchase this service likely do not even change the password that's written on the gateway why make it harder on the techs that have to come out to support is the only thing I can think of.

 

The probability of all of these things happening so some random stranger gets through it all is highly unlikely, and they probably needed to break into the house to do it. At which point almost any system fails since once someone has physical access pretty much any defense falls apart.

 

So basically I agree its a crummy design, but for they few customers that are that concerned about security they really should get a device they purchased and researched that meets all of their security needs. The only way someone sees that password is if they have already compromised your physical access.

 

 

 

 

Message 9 of 9 (2,544 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.