Slashdot Mirror


Ask Slashdot: Can Commercial Hardware Routers Be Trusted?

First time accepted submitter monkaru writes "Given reports that various vendors and encryption algorithms have been compromised, is it still possible to trust any commercial hardware routers or is 'roll your own' the only reasonable path going forward?" What do you do nowadays, if anything, to maintain your online privacy upstream of your own computer?

7 of 213 comments

  1. Still have to rely on the NICs by ModernGeek · Score: 4, Insightful

    You still have to rely on the trustworthiness of the NICs. Anything connected to the Internet cannot be trusted.

    --
    Sig: I stole this sig.
  2. The Wrong Question by agwadude · Score: 4, Insightful

    You shouldn't have to trust your upstream routers. Instead you should assume they're compromised and use end-to-end encryption. HTTPS and SSH, for example, specifically protect against active attackers such as malicious routers.

  3. Re:No. by sabri · Score: 5, Insightful

    actually the obvious answer is that trust is not a binary thing.

    Actually, the obvious answer is that you don't have a choice. No matter how much effort you put into it, you will always be depending on third-party hard- or software that you simply have to trust. So, you want to solder your own PCB? Sure, go ahead, but your Ralink SoC is still manufactured somewhere in China. Don't trust Cisco's IOS? Sure, write your own, and let me know how you designed and manufactured your own ASICs. And then we're not even discussing the fact that as soon as the packet leaves your router, it will enter one that you don't even own. Yes, there is a lot that you can do and I think the closest real answer to the poster's question is to just get an OpenWRT capable router and compile from scratch, but to not trust anyone is simply not an option.

    --
    I'm not a complete idiot... Some parts are missing.
  4. Re:No. by erroneus · Score: 4, Insightful

    I was going to say that.

    RSA compromised with money. Cisco compromised already documented. Juniper? I don't know but I wouldn't doubt it.

    NSA, you've turned the world against the US and all its businesses. Happy yet?

  5. Re:It can be a good thing too by SB9876 · Score: 4, Insightful

    Like RSA or Microsoft?

  6. Re:For VPNs, or for routing? by FlyHelicopters · Score: 4, Insightful

    I am pretty sure if they are interested enough they will get the data one way or another.

    This...

    Or has no one ever heard of rubber-hose cryptography?

    If all else fails, they can break in at night and steal the information locally, or simply put a gun to your head.

    When it comes to computer nerds, that last option probably has a 99.99% success rate.

  7. Re:No. by erroneus · Score: 4, Insightful

    It has been demonstrated that the intelligence agencies (plural) in the US government are the tail that wags the dog. This is historically true and more than likely true today as well. When you've got the dirt on many people, how tempting would it be to leverage that into getting your way? It's a temptation many could not avoid exploiting.