Friday 21 May 2004, 11:36 PM
Remarkable product but insecure in default configuration
I am composing this review using the product, which does everything claimed in the documentation.
User interface and documentation are very well designed.
I have two criticisms:
1) WEP (Wired Equivalent Privacy) is disabled by default;
2) the default administrator ID and password are well known.
Consequently, if this is deployed by somebody who doesn't understand the consequences (or how to enable WEP and change the password), it may appear to work for a while until somebody, realising that it is insecure, takes control. All the attacker requires is an 802.11b or 802.11g device within radio range of the DG834G.
My advice to Netgear: require that the administrator password is changed before the router will function; include instructions within the printed documentation on enabling WEP (instructions are included on the accompanying CD-ROM) and recommend this as the default configuration. I would like to say enable WEP by default, but understand why this would increase their support costs.




