Google’s new OnHub router is said to be offering secure, easy-to-set up Wi-Fi access point. Google proposes to ensure that OnHub is secured by automating updates so that clueless users and over-worked network administrators don’t have to update their routers.
Security experts from ESET and Imperva discuss whether these features make the router any safer than other products out there and what users can do to stay safe.
[su_note note_color=”#ffffcc” text_color=”#00000″]Mark James, Security Specialist at IT Security Firm ESET :
“I think any process that ensures the firmware is kept up to date on systems that the average person will never ever think about updating is a great idea. So many hacks and breaches can happen through outdated and unpatched routers, this is a welcome approach to auto updating the equipment we use each and every day of our lives. Taking the onus away from the end user will ensure that at the very least any patches or fixes are automatically sent to the device and the end user does not need to worry or be involved in the process at all. This will go a long way towards making it a lot more secure than other outdated routers that rely on the end user to not only be aware of any updates but also feel comfortable doing them.
Auto-updating firmware is a great feature and will help in keeping your hardware safe. Easy installation and setup is a must these days as we strive for an easy plug and play life. As more features are added to our electronics most people just want to un-box, plug in and have it working from the go. It will also keep an eye on its own settings and adjust them if it feels a better channel is available or too crowded. With all the latest Wi-Fi bands including AC and Bluetooth it will fit the needs of the modern day user.
To make the router as safe as possible, always make sure you change your default device passwords, regularly check for updates from the manufacturer and install them as soon as possible and also consider turning off remote administration if you’re not going to be managing this device from the web.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Amichai Shulman, Co-Founder and CTO of Imperva :
“Automated security updates might be a good thing for home users. I’m not a fan of automated updates of any type to critical infrastructure and applications in the general case. The risk of rolling a change outside of a scheduled maintenance window is usually higher than the risk stemming from a potential exploit of a vulnerability. Moreover, most businesses can deploy alternatives to security updates and use workarounds to mitigate vulnerabilities whereas there’s no substitute for a business system that goes down.
I think that most problems with home routers (as well as most vulnerable business routers) have to do with bad configuration, back door accounts and weak passwords, not security updates.
I think that the biggest advantage of this new offering (which I deeply regard as an end user) is simplicity. An average home today is becoming a complex networking environment with mobile devices, smart TVs, media streaming and what not. I believe that vendors who solve the ease-of-deployment and ease-of-maintenance problem for home users are going to rule this market.
Users should use a strong password for the management function and make sure the management interface is only accessible from the internal network.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.