Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:security:openwrt_security [2021/03/29 12:23] – links, formatting vgaetera | docs:guide-user:security:openwrt_security [2022/11/06 13:10] – [I have custom packages installed...] mdvthu | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| You need to set a password on your OpenWrt root account. | You need to set a password on your OpenWrt root account. | ||
| - | The root account is the default OpenWrt admin account on your device. The next chapter will show you how to do this. | + | The root account is the default OpenWrt admin account on your device. |
| + | The next chapter will show you how to do this. | ||
| This page also contains some general information about security of OpenWrt and what you should do in general, to keep your router in a properly secured state. | This page also contains some general information about security of OpenWrt and what you should do in general, to keep your router in a properly secured state. | ||
| Line 62: | Line 63: | ||
| * Don't share your root password with others, even if they promise some hot skateboarding penguins pictures in return | * Don't share your root password with others, even if they promise some hot skateboarding penguins pictures in return | ||
| - | ===== I don't need to set a 'root' | + | ===== I don't need to set a root password, when I am the only user. Right?.... ===== |
| Congratulations that you do not have to share precious bandwidth with others, but you still need to set a root password. | Congratulations that you do not have to share precious bandwidth with others, but you still need to set a root password. | ||
| - | Because any web site you call from a browser in your home network (e.g. those that promise hot skateboarding penguins pictures) could easily use so called [[wp> | + | Any web site you call from a browser in your home network (e.g. those that promise hot skateboarding penguins pictures) could easily use so called [[wp> |
| + | If no root password is set, such malicious sites could manipulate your OpenWrt device in a way that you won't like. | ||
| So just go and set a password on your root account now. | So just go and set a password on your root account now. | ||
| Line 105: | Line 107: | ||
| ===== A word about high-value weak points on OpenWrt ===== | ===== A word about high-value weak points on OpenWrt ===== | ||
| OpenWrt devices have 2-4 common services running, which kind of mark high-value targets for malware (even when only available in your LAN-zone): Any harmless looking web site, you have visited in your browser, could use cross site request forgery tricks, abusing an unpatched security flaw in one of these services. | OpenWrt devices have 2-4 common services running, which kind of mark high-value targets for malware (even when only available in your LAN-zone): Any harmless looking web site, you have visited in your browser, could use cross site request forgery tricks, abusing an unpatched security flaw in one of these services. | ||
| - | This could lead to malicious malware redirect attacks where [[https://secure.wphackedhelp.com/blog/wordpress-malware-redirect-hack-cleanup/# | + | This could lead to malicious malware redirect attacks where [[https://attack.mitre.org/techniques/T1189/|website redirects to a malware site]] and so on. |
| These high-value services in particular are: | These high-value services in particular are: | ||