AlphaBravo88
Mar 14, 2016 Initiate
Status: Engineering Investigation
Modems/Routers : Add HTTPS when connecting to the NETGEAR Genie page
Hi NETGEAR,
I have recently configured a few different NETGEAR ADSL Modems/Routers, to be specific the D6400 and DGND3700v2, but both of these don't appear to support an HTTPS connection to the NETGEAR genie web page. As far as I can tell from browsing all the links and sub links, you don't even have a setting to enable this. The only reference to HTTPS in the User Manual is to enable HTTPS for remote connections from the Internet (Manage the Modem Router Remotely, Page 244).
Would NETGEAR look at integrating this in the next firmware release to improve security on your device?
Thank you in advance for taking the time to respond to my question, it is most appreciated.
Regards
55 Comments
- DrWattsOn Aspirant
1a) My comment is about WiFi Routers, not Cable/DSL-Modems that connect directly to the Internet. If I'm in the wrong thread, please someone, let me know?
1b) My cable modem is mine, not the ISP's. I purposely got the CM400 and will NEVER have a WiFi device directly connected to the ISP.
2) I have a 5-7 year old D-Link WiFi Router that can be administered over WiFi (i.e., on local connections). Remote Administration (i.e., over WAN) is turned OFF. I dislike that it does not allow itself to be administered using https, whether by my LAN computer or WiFi. Especially because any attempt to administer the Router (not talking about any modem) over WiFi using http results in the username and password being transmitted in cleartext.
3) I am leaving in the next few minutes to return an UNOPENED box to Frys#5. This was an impressive looking Netgear Nighthawk X4S AC2600 "Smart" WiFi Router. I downloaded and carefully searched the pdf Manual for it. I couldn't find any instructions like the very complete ones on my current D-Link Router. No way to figure out without opening the box and hooking the device and going through all its menus. Which I will not do. I need to know before I am stuck with something. I am just surviving on SS.
4) Additionally, I want a device that gets REGULAR security updates as hacks are discovered, like my Ubiquiti wired ER-X, that I'm getting ready to "up-flash" and put into service directly between my modem and D-Link WiFi Router. Of course, nobody will be doing that.
5) So what I really need is to have someone clue me in to any WiFi ROUTER allowing administration over https. I give up on security firmware updates. I don't even care if I have to fall back to n300 stuck on 2.4GHz. I want SECURITY over ANY "feature".
1a) Again, if this thread is mostly about MODEMS then someone please ... well, "tell me where to go"? I know, leaving myself open with that one.
Thanks to anyone who read this. I can only wish I knew enough to contribute to the group.
DrWattsOn
- NGF Aspirant
I have 3 NETGEAR routers, bought at different times.
The first is the WNR3500Lv2. I went to it after ZyXEL, D-Link, TP-Link, TRENDnet, and didn't have a problem with it, and !I think NETGEAR is a great company! Good hardware, good firmware/possibilities/friendly GUI.
The second is the WNDR4500v2, bought because I needed more throughput. 2 problems: no internal https and SSL/TLS for email (after purchase, support said that it's already EOL and goodbye)...
The third: I bought 2x R7000, thinking it's new, good, etc., but again no internal https support, and I have some small problems.
I have 2 NAS, 104 and 426. I have a minor problem and the same story...
In summary, I can say that the more money I put into NETGEAR, the less I got in quality of service and in the things I critically needed and asked them to add.
If somebody looks at this thread to select the right product for home:
!GO AWAY FROM NETGEAR!
If you ask NETGEAR to please add support for xx to help me work with the product more simply and better, you hear the answer -
"we are not interested in this; we only remove big bugs that stop sales"
we need your money, no end user customer work...
You can buy Chinese OEM and have more; don't waste your money on service or shiny firmware/nice-looking site/forum.
- CyberTri Apprentice
Are we still waiting for a patch here? What is the problem? Patch KRACK and give us an https option in the advanced menu. Come on already.
- michaelkenward Guru - Experienced User
BTW I love how my post says "Novice"
That's down to this: Total Messages Posted 2
Hang in there and the algorithms will make your day.
- SecDoc2017 Novice
BTW I love how my post says "Novice"
I have been around InfoSec for over 20 years, spoken at some major InfoSec conferences including DEF CON and DerbyCon and am very involved in the security world. Maybe it's because I usually don't post on their forums.
- SecDoc2017 Novice
So it's truly unbelievable that the management interface for all routers does not default to https! Also, why do I need the SSID and password scrolling across my screen? The developers of these interfaces need a healthy dose of security training.
To be clear, SSL should now be referred to as TLS. All versions of SSL (1.0, 2.0 & 3.0) are vulnerable to attack. TLS 1.0 should also be deprecated. TLS 1.1, 1.2 and soon 1.3 should be the supported standard.
TLS encrypts the traffic between the client end point and the web interface of the router. The main reason this is important is to prevent unauthorized users on the wired side from sniffing network traffic and gathering login credentials for the router. Without TLS, this data is sent unencrypted and can easily be gathered from Wireshark captures.
Wireless data transfer is a different story. All routers should be using WPA2 and nothing else. Yes, there are attacks against it, but it is highly unlikely that you will fall victim to that in your home. If you were to get compromised, having your router use TLS means that traffic would be encrypted in transit via TLS and not visible anyway!
Wireless traffic sent using WPA2 encryption is unreadable in transit unless you are able to break the key pair. This is not trivial.
In addition to https on the router admin interface, we should be screaming for router vendors and device manufacturers to fully support 802.11w - Secured Management Frames. By fully supporting this standard and turning on those features, one would significantly reduce the likelihood that someone could force a client to deauth and connect to a rogue access point broadcasting a known SSID.
In any case, if Netgear can't get the simple stuff right, how much can you trust that they got the rest right? They should take a lesson from DD-WRT!
- NOMOREFUDGICLES Onlooker
Let's go, you bunch of motheryards!
ENABLE HTTPS administration on all admin interfaces and allow for varying ports. LET'S GO NETGEARRRRRRRRRRRR!
- CyberTri Apprentice
Ok Netgear! No excuses now. KRACK is real and this is enough reason to enable HTTPS once you release the patch.
- CyberTri Apprentice
A self-signed cert is fine. Make it an advanced option. Snooping malware can intercept plain text delivery of base64 (authorization basic) user/pass communication that is unencrypted. Read the link below.
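The point made in the comment above, that an HTTP Basic `Authorization` header is base64 encoding rather than encryption, shown as an added example (not part of the original thread and not NETGEAR code). The request, address, path and credentials are constructed for illustration, and the function names are hypothetical.

```python
import base64

# Constructed sample: a browser request to a router admin page over plain HTTP.
# The address, path and credentials are made up for this example.
SAMPLE_REQUEST = (
    b"GET /start.htm HTTP/1.1\r\n"
    b"Host: 192.168.0.1\r\n"
    b"Authorization: Basic " + base64.b64encode(b"admin:Example-Pass-123") + b"\r\n\r\n"
)


def parse_headers(raw: bytes) -> dict:
    """Return the request headers as a dict with lower-cased names."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def audit_basic_auth(raw: bytes, over_tls: bool) -> dict:
    """Say what an on-path observer learns from this request's Authorization header."""
    result = {"basic_auth": False, "exposed": False, "user": None, "password_len": 0}
    scheme, _, token = parse_headers(raw).get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return result
    try:
        # base64 is an encoding with no key: anyone holding the bytes can reverse it.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # malformed token, nothing to recover
        return result
    user, _, password = decoded.partition(":")
    # Only the transport protects the header; inside a TLS session it is not visible.
    result.update(basic_auth=True, exposed=not over_tls, user=user,
                  password_len=len(password))  # report the length, never the secret
    return result


if __name__ == "__main__":
    print("plain HTTP:", audit_basic_auth(SAMPLE_REQUEST, over_tls=False))
    print("over TLS:  ", audit_basic_auth(SAMPLE_REQUEST, over_tls=True))
```

The same header is reported as exposed or not depending only on `over_tls`, which is why an HTTPS option on the admin interface changes the outcome even with a self-signed certificate.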
- AbhayB NETGEAR Employee Retired
Status changed: Unspecified to Engineering Investigation