According to the company, managed broadband home routers – which are increasingly being supplied free of charge or a modest charge basis by ISPs – are now considered a type of firewall appliance. As such, the firm adds, the managed BHR certification program has been launched as part of lab's network firewall program.
This program, Infosecurity notes, was established in 1995 and evaluates the effectiveness and security measures of network firewalls. The requirements found within the certification program were developed under ICSA Labs’ ISO 9001/IEC 17025 accredited framework, which verifies the organisation’s quality-management systems and technical competence.
According to Brian Monkman, technology programs manager with ICSA Labs, whilst attacks targeted at routers are not a new threat, his team is seeing an increase in attacks against broadband home routers.
“This threat is exacerbated by the fact that all too often, consumers assume that these products, which are designed to be configured quickly and easily, have the appropriate safeguards in place. Unfortunately, that is not always the case”, he said.
In use, the managed BHR certification testing is billed as evaluating a broadband home router’s effectiveness in identifying safe versus harmful data, and then denying access to malicious data. Certified BHRs, says the labs, can offer consumers a higher level of security assurance.
Interestingly, the company says that, whilst managed broadband home routers are normally designed to be managed by the ISP – with updates and patches supplied/installed remotely – managed BHR products that meet the certification needs will not always include the facility to configure access control rules.
Instead, ICSA Labs says that a default security policy permitting at least a handful of standard services outbound from private hosts must be in effect, so that, when installed, the unit is ready to use and the router can retrieve its public IP address from a remote source.
In addition, once the modem is properly installed, a security policy denying all traffic inbound originating from the public must be in effect. Finally, the capability must exist for remote administrators to authenticate the product.
The first managed BHR products certified under the new program are the Actiontec family of wireless home routers, which includes MI424-WR Rev.E and MI424-WR Rev.F.