on 31-07-2021 05:54 PM
I've read lots of times that for best security we should switch off remote access to our routers. I've recently received from TalkTalk a new Sagemcom FAST 5364-X.TY version SG4K10002816t.
I can't find anywhere to switch off remote access, and this topic says it doesn't have remote access.
On the other hand this topic says TalkTalk can switch on/off auto channel selection, so there is remote access.
Can anyone explain this apparent contradiction?
on 10-08-2021 09:31 AM
For the best security and to ensure that your router remains up to date with the latest firmware/security patches, we would always recommend that this remains enabled as this allows us to securely remote diagnose and apply updates as needed in the background without your involvement. On some of our older routers we did allow this to disabled, however we never encouraged or recommended this and on our latest router this is not an option.
on 09-08-2021 10:55 PM
@Birchcroft @ferguson Thank you for your replies. It looks like the idea of remote access to the modem has split into two. The old remote access to the config web-page isn't there, good. The TR-069 access I agree is very unlikely to be part of a security issue.
As I understand it, "WiFi optimisation" means auto-chosing the channel and must change config in the Router. I've seen that you can ask TalkTalk to turn that off, and I will.
on 31-07-2021 10:24 PM
WiFi optimisation operates at a network level. It has nothing to do with remote access to your router, which you can disable if you wish. Although it will not enhance security in any way, your router remains as vulnerable as anything else connected to the internet.
31-07-2021 09:18 PM - edited 31-07-2021 09:26 PM
It depends on what one means by remote access. TalkTalk are unable to initiate access to the router as the TR-069 protocol requires the router to initiate the connection. So if the connection is not initiated they can't access the router, but once initiated they have access, in accordance with the protocol, until the link is closed.
In the post you are talking about the question related to being able to log in to the router via Port 8080. Basically to log in remotely as 'admin' like you can do from the LAN so in that case the answer will be correct.
I don't believe it is possible to disable TR-069 on TalkTalk routers but I use a 3rd party router so I can't be sure and can't check. I suggest you log in as 'admin' and have a look around the menu options to see if one exists to disable TR-069.
Finally, assuming nobody has spoofed TalkTalk's TR-069 management server, or hacked your router and changed the server address, then the connection should be reasonably safe.
31-07-2021 06:15 PM - edited 31-07-2021 08:20 PM