Friday, September 15, 2017

Arris cable modem issue / securing your home network

If you have an Arris cable modem, especially if you have AT&T internet, you should read this. It shows why you ALWAYS want a router between you and your cable modem. BTW, TWC uses Arris too, but it is unclear at this time whether those modems have the same bugs.

To check whether your modem is exposed, even if it is not an Arris

The easiest way to check is to go to Steve Gibson's ShieldsUP and see if any ports are responding on your cable modem.
Check "All service ports", then run a custom port scan on ports 49955, 61001, 49152 and 8080.

You want to see all green.
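The same four-port check can be scripted against your own modem. This is an added example, not part of the original post; the open / closed / stealth labels follow ShieldsUP's terms (stealth is the green result), and the address you pass in is assumed to be your own modem's. Run it from outside your network against your public address to match what ShieldsUP sees.

```python
import socket
import sys

# Ports named in the post above.
PORTS = [49955, 61001, 49152, 8080]


def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' or 'stealth'."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The device answered with a reset: nothing listening, but it is visible.
        return "closed"
    except OSError:
        # Timeout or unreachable: no usable answer came back.
        return "stealth"
    conn.close()
    return "open"


def audit(host, ports=PORTS, timeout=3.0, connect=socket.create_connection):
    """Probe every port and return {port: state}."""
    return {p: probe(host, p, timeout, connect) for p in ports}


def exposed(results):
    """Ports that accepted a connection and need attention."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_modem.py <your-modem-address>")
    results = audit(sys.argv[1])
    for port, state in results.items():
        print(f"{port:>5}  {state}")
    # Non-zero exit status when anything answered, so it can run from cron.
    sys.exit(1 if exposed(results) else 0)
```
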

Stuff to fix / check

Lastly, if you have never changed your router's password, or you see ports open in the above tests, go to the Arris web interface from a browser.
Change the password if still using the default. (Basic settings -> login settings). Make it something random and at least 12 characters.

On LAN Settings, "Enable UPnP" should be unchecked. (UPnP allows stuff to open holes in your firewall.)

I would turn off the WiFi on the modem if you have any other access points. All WiFi should be encrypted no matter what provides it, or else be ahead of any router you use to protect your devices.

If you have something you need to access from outside the home, like a webcam, first find your router and add it to the reserved IP list so its address will not change.

Add a port forward at the modem to the router the cam (or device / PC) is on.

If you have multiple cams / devices / ports you can forward a range like this.
You will then need to forward each port to the correct cam / device on your router. That is different depending on brand and even version, so you will need to Google that bit if it is not obvious from the router's interface. Look for something that says port forwarding. For instance on a Unifi router the instructions look like this.

One last thing

You actually want to have a couple of routers: one for your PCs and phones, and one for all the rest of your stuff like Blu-ray players, cams, TiVos, home automation hubs... all the things that might not be all that secure. As an added measure, set that second router's firewall to only allow those things you KNOW need to call out to the internet to do so. There have been a lot of reports lately, for instance, of webcams being shipped with malware on them. If they cannot call home or be connected to directly from outside, they cannot be used in botnets or as platforms to attack your other devices.
