Thanks for this FURRYe38.
Why would a network manager not want to know who was connected to the WiFi network, active and how active? Why would they not want to be able to block a device that was foreign or one that was known hostile? How can NETGEAR not realise that the net is hostile and that even home networks are under constant attack these days?
When a supplier as big as NETGEAR clearly doesn't give a damn about customer security, it adds to the hostility of the net and the risks we have to accept when we buy and use NETGEAR products. Even TP-link offered these features on an immature product.
As you might sense, I find this really annoying. Is this inept or is it deliberate?
Although monitoring provided by personal line routers satisfies homeowners, any professional network manager I know would not use monitoring provided by personal line routers. They would use more sophisticated firewall and network management systems.
TP-link offers limited monitoring on some products, as an advertising tool, but it is very ineffective for a professional, but satisfying for the novice.
If you would like to learn more about network monitoring, you can search online for the many professional monitoring systems provided by Cisco and other pro network management companies.
Re: How to enable connection monitoring and block-listing
I think you fail to realize that for home class routers, AP mode is just that AP mode. No router or security features are enabled when in AP MODE.
AP mode is just an access point where wifi devices can connect to the wifi signal; that is all that happens in AP Mode. This is not just NG, this is also industry wide for home class wifi that support AP mode. Seen this in many other router mfrs for home class products. Maybe some business class APs offer some security features on their products, however in home class products AP mode is simplified for home users. Also please understand that when IN AP mode, this transfers any router or security and blocking handling to the main host router which in all cases if not most, should be handling the routing and security management of the network system.
NG design is not inept or flawed. I would presume that maybe your needs for security are misplaced when it comes to APs and you need to find something better suited for your needs. Security needs are and should be handled by the host router or a firewall device if one wants something of that caliber for home use.
Good Luck.
SmilingEddie wrote: Thanks for this FURRYe38.
The credibility of the Orbi programme management team has just taken a serious knock.
Even the guest wifi password has complexity and the main one also has good length but tha
Why would a network manager not want to know who was connected to the WiFi network, active and how active? Why would they not want to be able to block a device that was foreign or one that was known hostile? How can NETGEAR not realise that the net is hostile and that even home networks are under constant attack these days?
When a supplier as big as NETGEAR clearly doesn't give a damn about customer security, it adds to the hostility of the net and the risks we have to accept when we buy and use NETGEAR products. Even TP-link offered these features on an immature product.
As you might sense, I find this really annoying. Is this inept or is it deliberate?
Re: How to enable connection monitoring and block-listing
There is a mismatch here. Just because it’s configured as AP rather than router, doesn’t mean that it is somehow not a route into the internal LAN. It therefore still has a security obligation.
OK, we can hide SSID broadcasts, and use long, complex, passwords with good crypto properties but we need to know that these controls are working as expected. More importantly, we need to know when they aren’t. It’s called Security in depth: multiple independent controls should have to fail before you’re in trouble.
The main router in our network also includes the firewall. It is Internet/ISP-facing, i.e. it guards the front door to our LAN. The NETGEAR router and satellites have a lot of great features but guarding the back door to our LAN is something it doesn’t do adequately.
If you think that only big businesses are under attack, you’re likely to have a very unpleasant surprise. I hope you and your data survive it with a tolerable impact.
We live in a world where even state-sponsored scumbags, theft of sensitive personal data and information to support fraudulent activity which trashes the victim’s credit history, ransomware and blackmail… all have to be considered to ensure survival.
NETGEAR customers who care about their personal data, and have even the slightest awareness of how hostile the digital world can be, have an expectation the products they have bought will include basic features that let them see when a security control, such as a Wifi password, has failed. They should be able to contain the threat. Even the cheapy TP-link Deco home Wifi router and satellites managed that in AP mode. Sure, it had flaws, such as obsolete crypto, but it was still better than that big name NETGEAR.
Your brand loyalty is commendable but until NETGEAR supports security that better equips customers to defend their homes from WiFi-sourced attacks, it is definitely misplaced.
You cleverly sorted out an annoying problem for me in another Orbi link. I hope you can do it again for me here.
Re: How to enable connection monitoring and block-listing
SmilingEddie wrote: Even the cheapy TP-link Deco home Wifi router and satellites managed that in AP mode.
I find the Deco User Manual about as (un)informative about operating mode as the Orbi User Manual. On page 24
https://static.tp-link.com/2020/202006/20200628/1910012596_Deco%20M5_V2&V3_UG_2.0.pdf
Router Mode: "Connects to the internet.... NAT and DHCP server are enabled by default."
Access Point Mode: "Functions like NAT, Parental Controls, and QoS are not supported in this mode."
I cannot determine from this what happens to features like DHCP, address reservation, new device detection, IPTV, etc. etc. in access point mode. If some other device is the DHCP server, how does a WiFi access point know which IPs or MAC addresses are valid (or invalid)?
There is probably a good reason that highly sensitive operations take place in "secure" locations: Faraday shields. Employees forbidden to bring cell phones inside the room. etc. etc.
I think it is very clear by now that the only way to prevent access by someone who has deciphered the WiFi password and can thus connect to the WiFi network with a bogus static IP is to have MAC level access control which the Orbi does in router mode, but not in access point mode.
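Added example, not part of any post in this thread: when the access points expose no client list, a wired Linux host on the same LAN can still answer "who is connected" by cross-checking its neighbour table against the main router's DHCP leases and an inventory of known devices. The sketch assumes `ip neigh` output and a dnsmasq-format lease file; the sample data, the `KNOWN` inventory and the flag names are constructed for illustration.

```python
# Constructed sample inputs (not from the thread). MAC addresses use the
# RFC 7042 documentation range 00:00:5e:00:53:xx.
NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.1.23 dev eth0 lladdr 00:00:5e:00:53:23 STALE
192.168.1.77 dev eth0 lladdr 00:00:5e:00:53:77 REACHABLE
192.168.1.200 dev eth0 lladdr 00:00:5E:00:53:C8 DELAY
192.168.1.50 dev eth0  FAILED
"""
LEASES = """\
1596500000 00:00:5e:00:53:23 192.168.1.23 laptop *
1596500300 00:00:5e:00:53:77 192.168.1.77 * *
"""
# Hypothetical inventory: MAC -> how the device is expected to get its address.
KNOWN = {"00:00:5e:00:53:01": "static", "00:00:5e:00:53:23": "dhcp"}


def parse_neighbors(text):
    """Yield (ip, mac) for `ip neigh` entries that resolved to a MAC address."""
    for line in text.splitlines():
        f = line.split()
        if "lladdr" in f and f[-1] not in ("FAILED", "INCOMPLETE"):
            yield f[0], f[f.index("lladdr") + 1].lower()


def parse_leases(text):
    """Return {mac: ip} from dnsmasq lease lines: expiry mac ip hostname client-id."""
    rows = (line.split() for line in text.splitlines())
    return {r[1].lower(): r[2] for r in rows if len(r) >= 3}


def audit(neigh_text, leases_text, known):
    """Return {ip: [flags]} for every device that needs a second look."""
    leases = parse_leases(leases_text)
    findings = {}
    for ip, mac in parse_neighbors(neigh_text):
        flags = []
        if mac not in known:
            flags.append("unknown-mac")
        # A device using an address the DHCP server never gave it chose its own IP.
        if known.get(mac) != "static" and leases.get(mac) != ip:
            flags.append("no-lease")
        if flags:
            findings[ip] = flags
    return findings


if __name__ == "__main__":
    for ip, flags in audit(NEIGH, LEASES, KNOWN).items():
        print(ip, ",".join(flags))
```

The neighbour table only lists devices the host has recently exchanged traffic with, so the result is a lower bound on what is connected rather than a full client list.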