[opensuse-support] what to do about unsecure router
Hello, Ok so I have no idea what Im doing on this so I thought I should ask someone here. When I logged into the router I was warned it is insecure and someone could read what I was writing and I should make it secure. So I found out I could not log in with https. I checked on this and found out I would need a cert...not a self signed cert. This is where the trouble started as I found out the self signed cert I used was unusable. The other things are I can dual boot with win 10 or TW. Also I have two routers. The one from the ISP and another plugged into that. Now first do I need to set this up with cert security? Second do I need this at all? I got the a cert from asus (as in the router). If anyone can give me some hints or directions on how to do this. .................. if I'm not making any sense let me know.... mike -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 31/07/2020 23.11, mike wrote:
Hello,
Ok so I have no idea what Im doing on this so I thought I should ask someone here.
When I logged into the router I was warned it is insecure and someone could read what I
was writing and I should make it secure. So I found out I could not log in with https. I checked
on this and found out I would need a cert...not a self signed cert. This is where the trouble
started as I found out the self signed cert I used was unusable. The other things are I can dual
boot with win 10 or TW. Also I have two routers. The one from the ISP and another plugged
into that. Now first do I need to set this up with cert security? Second do I need this at all?
I got the a cert from asus (as in the router). If anyone can give me some hints or directions on
how to do this. .................. if I'm not making any sense let me know....
Quick answer: you do not need anything. Also, possibly you can not do anything. Question: are you logging to your router from your internal network? If so, forget the warning about an insecure connection. The bad guys must connect to your internal network first, which probably means that they have to get inside first, and if they do, who cares about the router? Of course, it means that your WiFi, if you have it, must be secured. Then, can you do anything anyway? No. The routers doesn't have a hard disk where you can write software modifications. It has a ROM that can be flashed with another firmware, and that road is not easy. (you would have to install the cert on the router, and modify its web server so that it responds on https. Not easy. The only practical way to do it is get an alternative firmware and install it, if feasible. I do not recommend it.) If the answer to my question is that you log into the router via internet and http, then... don't do that. Ever. Find out if the router has ssh and use it instead. Then go into the router configuration and disable external http port. And perhaps some other possibilities. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 7/31/20 5:44 PM, Carlos E. R. wrote:
On 31/07/2020 23.11, mike wrote:
Hello,
Ok so I have no idea what Im doing on this so I thought I should ask someone here.
When I logged into the router I was warned it is insecure and someone could read what I
was writing and I should make it secure. So I found out I could not log in with https. I checked
on this and found out I would need a cert...not a self signed cert. This is where the trouble
started as I found out the self signed cert I used was unusable. The other things are I can dual
boot with win 10 or TW. Also I have two routers. The one from the ISP and another plugged
into that. Now first do I need to set this up with cert security? Second do I need this at all?
I got the a cert from asus (as in the router). If anyone can give me some hints or directions on
how to do this. .................. if I'm not making any sense let me know....
Quick answer: you do not need anything. Also, possibly you can not do anything.
Question: are you logging to your router from your internal network? If so, forget the warning about an insecure connection. The bad guys must connect to your internal network first, which probably means that they have to get inside first, and if they do, who cares about the router?
Of course, it means that your WiFi, if you have it, must be secured.
OK so it is a local network and I'm good...don't know why I was getting those msgs then....
Then, can you do anything anyway? No. The routers doesn't have a hard disk where you can write software modifications. It has a ROM that can be flashed with another firmware, and that road is not easy.
(you would have to install the cert on the router, and modify its web server so that it responds on https. Not easy. The only practical way to do it is get an alternative firmware and install it, if feasible. I do not recommend it.)
If the answer to my question is that you log into the router via internet and http, then... don't do that. Ever. Find out if the router has ssh and use it instead. Then go into the router configuration and disable external http port. And perhaps some other possibilities.
well I do this to update the firmware or change the settings like adding ipv6 with a browser....that's what the router instruction book said to do....I have never used ssh, what would you do with that ? I kind of know what it is but never used it....Thanks for all the help.... mike
-- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
On 01/08/2020 02.28, mike wrote:
On 7/31/20 5:44 PM, Carlos E. R. wrote:
On 31/07/2020 23.11, mike wrote:
Quick answer: you do not need anything. Also, possibly you can not do anything.
Question: are you logging to your router from your internal network? If so, forget the warning about an insecure connection. The bad guys must connect to your internal network first, which probably means that they have to get inside first, and if they do, who cares about the router?
Of course, it means that your WiFi, if you have it, must be secured.
OK so it is a local network and I'm good...don't know why I was getting those msgs then....
Because the messages come from a machine, not a human. A human looks at the context and has experience. The message is correct, but the human tells you to ignore it. All as it should be.
Then, can you do anything anyway? No. The routers doesn't have a hard disk where you can write software modifications. It has a ROM that can be flashed with another firmware, and that road is not easy.
(you would have to install the cert on the router, and modify its web server so that it responds on https. Not easy. The only practical way to do it is get an alternative firmware and install it, if feasible. I do not recommend it.)
If the answer to my question is that you log into the router via internet and http, then... don't do that. Ever. Find out if the router has ssh and use it instead. Then go into the router configuration and disable external http port. And perhaps some other possibilities.
well I do this to update the firmware or change the settings like adding ipv6 with a browser....that's what the router
instruction book said to do....I have never used ssh, what would you do with that ? I kind of know what it is but never
used it....Thanks for all the help....
ssh just gives you access to a terminal, like the Linux terminal, with raw commands in text. But it just happens that the transmission is encoded and safe, while http is not. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Am Samstag, 1. August 2020, 02:28:02 CEST schrieb mike:
OK so it is a local network and I'm good...don't know why I was getting those msgs then....
Browsers warn about login forms on plain http websites nowadays because on the open internet, transferring credentials in the clear is a Bad Idea. On your local network, it's less of an issue, but the warning is still as loud. In my opinion, browsers should differentiate between plain http on the internet and on well-known local IP ranges, but at the moment they don't. regards
participants (3)
-
Carlos E. R.
-
Maximilian Trummer
-
mike