4 reasons you will never be secure using your Mirotik, Netgear, Linksys or other consumer grade devices.
The VPNFilter vulnerability has opened a lot of eyes to the world of network security. The very thought that a foreign governments military has complete access to our internet life is terrifying. The ramifications of the vulnerability are real, stolen data, stolen identities, theft, and fraud. It should really be no surprise that the VPNFilter vulnerability exists, and here are the reasons why.
- These devices were never designed to provide security.
If you visit each of these manufacturers web site and do a search, you will not find the word “security”, as it relates to their product, on any of their home pages. This is because these devices are not security devices.
- You can never provide adequate security at the price point these devices are sold.
Visit a true security device manufacturer and you will see the devices sell for multiples of the cost of these devices. Providing security means having Security Operations Centers, international monitoring of the security threat vectors, complicated resource intensive software to run on the devices, and many other expensive security related costs.
- Your security device needs to be continually updated.
Threat vectors are constantly changing. Updating the firmware once or twice in a devices life will not keep you protected. Your device needs to be constantly receiving updated information on the threats that are being thrown at it. A true threat protection device will be receiving updated virus definitions daily or hourly. In the case of a Fortinet, with their security fabric, the device will get updates in real time from other devices as threats are discovered. Not one of the above-mentioned devices is capable of this. As a matter of fact, some devices may only get one update in its entire lifetime!
- These devices are only as smart as you are.
These devices have only a few simple jobs of which they are capable. These include, getting you online quickly, getting your devices online cheaply, keeping others from getting direct access to your network from the outside (I know what you’re thinking “see it does protect me, you just said so!” Read on, and learn why this statement is very misleading.)
Microtik, Netgear, Linksys, and the others do two of these things very well. It’s true, you can get several devices online very cheaply, and the connections tend to be very fast. However, the last item, keeping the bad guys out of your network, they do very poorly.
Let’s start with the VPNFilter problem. In this vulnerability the bad guys literally have direct, secret, and comprehensive access to all of your internet traffic. This is because they have literally gained access to your very device that is designed to protect you. If the very device that is designed to keep people out of your network, is itself compromised, then it very well cannot be doing its job of keeping people out of your network.
Lastly and most importantly, these devices are not intelligent. They will allow you to do anything you want. Whether it is dangerous, harmful, or benign, the devices do not care. If your computer begins suddenly communicating with computers in Russia, the firewall doesn’t care. If you invite a virus into your network, the firewall doesn’t care, it will let it through. If you click a link that brings you to a website that endangers your network, the firewall just allows you to go. These devices do not protect you from your own mistakes.
We at ACS believe that only a UTM firewall, produced by a true security company can secure a network. We work with Fortinet, and sell the Fortigate firewall. Gartner ranks the Fortinet firewall as a leader among all firewall vendors.