API security question

Are there some problems with this? GL is highly recommended as a secure one…

As far as I know, this process can brick the device so hard that even U-Boot will not help.

I would say that depends on what you classify as a secure system. Do I trust GL.iNet more than Cisco? Yes - but that's more due to Cisco's bad reputation.

GL.iNet has been struggling with poor software quality for several months (some will even say years). I think I can see that it is slowly getting better - but overall, it will take some time.

I would therefore switch to plain OpenWrt in “protected areas”. And then do everything there via SSH or only use HTTP via the SSH proxy.

It's pretty safe if you use only sysupgrade images.

Buggy? Or vulnerable?

This is interesting. Is there any guidance?

No.

As I repeatedly wrote, without situation everything is guesswork.

Buy a GL.iNet router, add it to your network via WAN and put your devices in LAN, and this is secure.
Put it in a public WLAN or Network, and activate a VPN to your home or a trusted provider, that is secure.

If you have done all this above and answer a phishing mail, answer a 'support call from Microsoft' or ignore an SSL certificate security warning, everything is useless. But in this case all your above described countermeasures are as well.

If you don't publish any service outside, the attack surface is low. And GL.iNet is not publishing services on WAN.
They respond to ICMP, which is good, because then the network can see it and build routes above the reply timings...

If any of my GL.iNet routers don't work, I set them to factory reset, add the WLAN and upload the WireGuard config. Done. I am secure as needed from anywhere. The provider where I stand is not able to MITM my connection.

At home I run a Pi-hole, which I will change to an AdGuard Home for testing some day.
And I will switch to plain OpenWRT, to split Main Network, Guest Network and IoT/multimedia Network.
For historical reasons I run Snort to analyze my traffic, but I rarely look at this anymore.

  1. Just don't install shady plugins/programs/packages*
  2. Just don't open services to WAN*
  3. Just don't test in production
  * You don't know.

I also would appreciate it if GL.iNet would provide 2FA, with RFID (NFC) or YubiKey for login, if I could change the default usernames or a voucher system for GuestWLAN.
But we are not using an enterprise environment.

And if there is a known vulnerability, GL.iNet is motivated to backport the fix, even to the older base OpenWRT setups.
If you install a GL.iNet firmware, based on OpenWRT 21.06, it is more secure than a plain OpenWRT 21.06... except they are rebuilding their images as well, I am not familiar with the OpenWRT releases, yet.

Mostly buggy. They patch pretty fast, mostly - so this isn't the problem.
So basically what @LupusE said.

This is not an issue.

I tried many routers, and GL is one of the best. I even had MikroTik (rare crap!). So I am just looking for advanced security measures, as if you breach my LAN you will be able to disable the alarm, for example.

So it is critical to block everything that isn’t used for now to increase security.

Uhm.

Are you sure you know what you are doing?
MikroTik is one of the most stable, secure and reliable routers on the market. But a steep learning curve.

Yes.

It seems you never had a “bricked” MikroTik because of an update. I had so much headache with MikroTik… So I searched for routers. And got GL recommended.

GL is one of the most suitable for me + uses the OpenWrt interface.