Germany Proposes Router Security Guidelines

Germany Proposes Router Security Guidelines

The German government has prosed guidelines to increase router security including what kind of routers are sold and installed across the country

The German government has published an initial draft of rules on securing Small Office and Home office (SOHO) routers. The draft, published by the German Federal Office for Information Security (BSI), was put together with input from router vendors, German telecoms, and the German hardware community. 

One approved, router manufacturers don't have to abide by these requirements, but if they do, they can use a special sticker on their products showing compliance.

The 22-page document lists several recommendations and rules for various router functions and features including the following rules: 

  • If the router has a guest WiFi mode, this mode must not allow access to the routers configuration panel
  • WiFi passwords should have a length of 20 digits or more
  • WiFi passwords must not contain information derived from the router itself (vendor model, MAC, etc.)
  • The router must allow an authenticated user to change its password
  • In its default state, access to the admin panel must only be allowed via LAN or WiFi interfaces
  • The router admin panel must show the firmware version
  • The router must warn users about an out-of-data or end-of-life firmware

These are just a few of the BSI recommendations, see more in the above linked-document.

Germany is taking steps to standardize router security following an incident that took place at the end of 2016. A British hacker known as "BestBuy" attempted to hack Deutsche Telekom routers, but bungled the firmware update and crashed nearly a million routers across Germany.


About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.