Logging in to Router on home network. Insecure Connections.
26-06-201717:45 - edited 26-06-201717:47
There have been a number of posts recently when people have stated concerns about logging into their routers, as their browser warns them the connection is unsafe.
While I'll start by saying it's good that people are reading the warnings that the browser makers are adding in. When logging in from a home network, the warnings are not warranted.
Local Vs Remote connections
Lets consider the two connections above. In the first instance, the computer is on the home network, connecting directly to the router. Can an eavesdropper get between the computer and the router? The answer in this case is that if you are using an ethernet cable, it's impossible, without you noticing and even if you use wireless, provided you have WPA2 encryption it's unlikely that anyone can listen in on the connection.
So because there is no risk of eavesdropping we can ignore the insecure connection warnings.
What about remote access from across the internet?
Remote access is disabled by default, but the connection is made over a secure connection on port 8443 (although the port can be changed in the settings to make it more secure). Because of the way certificate validation compares the web address being connected to with the certificate name, it's not possible to have the certificate validate properly and most browsers will complain nowadays. You can ignore the warnings if you so choose. Although this does carry a slight risk of interception. Because of this I would recommend only using remote access to the hub if 100% necessary.
Note: If you do change the remote port away from 8443 then a Man in the middle attack becomes less likely, as attackers are less likely to listen for https traffic on non standard ports.
As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.
Re: Logging in to Router on home network. Insecure Connections.
Good suggestions. I typically plug my laptop straight into the router using an ethernet cable rather than a Wifi connection. That way, i you want to make changes to your wifi channels or access point names, you can do so and not worry about getting kicked out or reconnecting. If I make changes in this way, I always log in using wifi to test whether the changes have been implemented.
David Smith, Blueyonder pioneer (2001), OS X Mojave, WIndows 10, Linux Lite 3.8 and iOS. Home network distribution via 802.11ac wireless and HomePlug Av2