Sunday, June 13, 2004

Netgear WG602 Wireless Access Point

Last week I posted that the Netgear WG602 had a backdoor password, and that everyone should upgrade to the firmware version 1.7.14. Unfortunately, that firmware revision didn't get rid of tha backdoor, it just changed the username and password. Netgear has released a new firmware revision, 1.7.15, which eliminates the backdoor.

http://kbserver.netgear.com/support_details.asp?dnldID=741

If you use this product at home, I recommend that you download the firmware upgrade and install it.


How could the backdoor affect me?

Anyone who can connect to your access point would be able to change the settings for your access point. If you have enabled security and filtered the list of MAC addresses that can connect, this backdoor will have very little affect on you. However, I would still recommend that you patch this backdoor.


What models have the bug?

Only the Netgear WG602 version 1.0 product is known to exhibit this bug. It is based off of a z-com chipset. The WG602 version 2.0 product does not have this vulnerability.


What else can I do to protect my wireless network?

At the very least, change the default admin password and enable WEP security. Unfortunately, nearly all networking equipment intended for home use is shipped in an unsecured state by default. This provides the least confusion when setting up the network, but also leaves you open to attack. By changing the default password and enabling WEP, you are preventing the casual and curious wireless surfer from hopping on your network.


I've enabled WEP and changed the password, now what?

Great, you've taken the first steps towards securing your network. Unfortunately, the WEP standard has a couple of flaws. It uses some common keys in the encryption process that can be easily discovered. Anyone with enough free time on their hands can sit outside your network and eventually determine the WEP key and get on your network. There are some additional steps you can take to protect yourself though.


- Disable SID broadcasting.

This feature is not available on all Wireless Access Points. Your access point broadcasts a beacon on a regular interval to tell wireless users that it is available. This beacon includes the name, or SID of your WAP. By turning this beacon off, wireless surfers will not know that your WAP exists unless they specifically look for it.


- Force a VPN for all wireless clients.

If you want to get really secure, connect your WAP to a dead pool on your network. By dead pool, I mean a network connection that has no access to the web, the company intranet, or any other resources on your network. It is completely isolated. From there, users must create a VPN connection to any resource on your intranet. There are many benefits to this type of setup. First, you can turn off MAC address filtering and WEP. People who connect can't do anything without the VPN, and this reduces the maintenance needed to updated WEP keys and MAC lists. Secondly, a VPN connection provides a much stronger encryption level, protecting any data you may transmit wirelessly.

Sunday, June 6, 2004

Netgear WG602 Wireless AP Security Problem

For anyone out there using a Netgear WG602 Wireless Access Point, be aware that a backdoor password was recently discovered that would allow anyone to hack your device. Be sure to go to the Netgear support page to download the latest firmware for your access point. The latest firmware revision removes the backdoor password.