So I got a new wireless router for my house today and was absolutely appalled at the way they have treated security in the thing. Now, this is not unique at all. I have tried most of the other common home routers as well, and they all sin in about the same ways. Frankly, I have yet to find a wireless product that does security as well as the venerable Microsoft MN-500 802.11b router. Of course, the MS device only does WEP, which is pretty much equivalent to no security at all these days, but when it came out, that was all there was, and it was on by default, and ordinary mortals could actually set it up. Not so with the recent crop of products. Here are some particularly egregious issues:
Administrator PasswordThe Router ships with NO password entered. If you wish to add a password for more security, you can set a password here. Keep your password in a safe place, as you will need this password if you need to log into the router in the future. It is also recommended that you set a password if you plan to use the Remote management feature of this Router.
Let me get this straight; if I wish to have security, I may optionally configure it? Why is security optional? What kinds of passwords might this thing support? There is no mention of it in the manual. However, since it is web-based, I presume it can’t have special characters in it since those get to be URL encoded. Oh, and the walkthrough configuration wizard thingie, that ensures you get a wireless network that is shared with every neighbor that can find it (which is a large number with a MIMO router like this one) does not allow you to set a password.
Hmm, even stranger. When I try to set the password and at the same time told it not to use NAT it actually does not take the password. Weird. It restarts the router, but I can still log in with the default blank password.
People complain about Microsoft security, but frankly, the state of security in the rest of the industry scares me sometimes.