Help with a security question

[daveberg]

Hi All,

Please help with my question.

I'm connected to the net through a cable modem and a router. I use Zone Alarm Pro as my firewall. The router I have came with a default IP address.

In order for me connect to the net, I've to instruct Zone Alarm to let this router with this IP address access the net. Because this IP address could be the same for all those people who bought this same router, does this potentially have security implications. Can someone who has this same router as I have, be able to enter my system, as we both will have the same IP address and Zone Alarm would allow the intruder to access my system thinking that the intruder and I are the same because of same IP addresses for both of our routers.

If the above is a real concern, what are the solutions to it.

Hope I'm clear enough in asking my question.

All feedback is appreciated.

Thanks.

[Thorazine]

I'm a little confused about what you are asking. You have cable coming into your house/apartment/condo and you've attached a router to it so that multiple systems can access the cable modem? You then need to instruct ZoneAlarm to allow inbound traffic from the router to your system?

So your setup (typical) would look something like this:

Internet------cable(modem)--------router---------home computers

I'm not real familiar with how ZoneAlarm works in terms of the interface or why you need to allow access from the router, however I can comment on the IP address concern.

There are several classes and two "types" of IP addresses. We really are only concerned with the later. IP address are either privatve (non-routable) or public (routable). Public IP addresses are unique on the internet. No two systems can exist on the network with the same IP address. This presents a problem because the current scheme only allows 2^32 addresses. To fix this little problem private IP addresses were created. These addresses are not unique to a system and many hosts can have the same private IP address. A system with a private IP can not connect directly to the internet. What happens is the router takes your private IP and translates it to your public IP address (this is called NAT: Network Address Translation) that the cable company has assigned to your router. This is how you can have many machines on your home network connect to the internet using the same connection because there are hundreds of thousands maybe millions of machines connected to the internet in this manner. Your IP private default address isn't the concern. And also what may be happening is your cable provider is giving you a private IP which they are translating to a public IP. So your data must translate twice before it makes it's way on to the internet. Your default private IP isn't the issue.

What is a concern is the password assigned to that router and any exploits the router software has. If the router has a weak password then you might have a problem provided the attacker can side step your cable provider's defenses to get to you.

The trick to home system security is to make getting into your system hard enough that the time and effort aren't warranted.

[fcorneli]

Hello,

Yeah, what he said! Your default router and network addressing is probably something like 192.168.1.1-254, or as we would say, you are on a 192.168.1.0 network scheme. Using such a private network scheme means people cannot directly connect to your internal network through your router. As said above, such private addresses are non-routable by design, and you are safe using them. Network Address Translation will stop direct access to your internal network, but it will not stop access to your router. Make sure you change the default password to your router, make the new password long and complex, and keep up-to-date on the router's firmware upgrades.

Good luck,

Finnian

[cyberskye]

Make sure you change the default password to your router

Better yet, disable remote administration/logons for the router.

There are ways to bypass NAT...but the point made above is what's important - make it difficult and time consuming to get on your box. You can't keep the pro's out, but then again, why would they want your box in the first place. Having the permiter (router) and local (ZA) defenses makes you quite secure.

In order for me connect to the net, I've to instruct Zone Alarm to let this router with this IP address access the net

Is this to receive your ip address via dhcp? You should most certainly NOT add your router to the local (trusted) zone. If you must, allow only DHCP traffic to pass from your router to your box. I would recommend using static addressing on the LAN anyway - unless you have a lot of boxes and/or mobile users, you don't really need it and adds an extra step to startup.

Skye

[Stu]

In order for me connect to the net, I've to instruct Zone Alarm to let this router with this IP address access the net

Is this to receive your ip address via dhcp? You should most certainly NOT add your router to the local (trusted) zone. If you must, allow only DHCP traffic to pass from your router to your box. I would recommend using static addressing on the LAN anyway - unless you have a lot of boxes and/or mobile users, you don't really need it and adds an extra step to startup.

ZA is probably griping about ICMP messages in addition to DHCP, since the router acts as a gateway.

[fcorneli]

Hello,

I've heard people say to make sure your router has a strong password, but can someone from the outside really connect to it to enter a password? With internal IP addressing and the firmware the way Linksys routers are, how in the world can someone get into my router? I have remote management off and do not have any DMZ or port forwarding occurring. Software firewalls have always caused me problems with games, so I've never used them.

Am I really at risk then with just internal IP addressing and a NAT router? I've heard people talk about them being vulnerable, but no one ever says exactly how it is attacked or why it is vulnerable. If someone really knows the risks involved, I'd love to hear more about the DETAILS. I don't know much about security yet, but any information that helps me protect my home network would be appreciated from those who do.

This thread kinda led into this post, so I hope I'm not derailing the thread too much. My question is certainly related to the original posters.

Thanks,

Agathon

[Thorazine]

It depends on how you are setup. For instance, let's say you have a DSL line and your ISP has given you a static IP. Then most definately someone can telnet to your router and start hacking away at the password. Once the router is controlled, then whatever the intruder wants to send to your internal systems is easy.

Now in the case of using a router with cable, it's different. If your provider is NAT'ing your connection then the intruder must compromise their system before yours. Unless of course your using a insecure app or service on your internal system that the attacker can connect to directly (this is why most agreements with cable providers prohibit this).

An example of this would be running an unpatched web server on your internal network. I could throw a dotless IP at it or send a malformed URL to have your system spit back a directory for me.

There's a host of things that can happen. Cyberskye is right, disable remote access and be done with it.