Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


JNA



21 posts

Geek
+1 received by user: 5


Topic # 210196 17-Mar-2017 13:36
Send private message

Hi All,

 

I would like to know if there is a way to enable all HTTP connections to the Spark HG659B Home Gateway device to be HTTPS by default?

 

IMHO this should be the only way to connect to your modem as if I purchased a current quality, alternative from TP-Link, HTTPS would be activated.

 

I've have looked through all the sections on the device portal, read the Huawei Manual and quite a few pages of this forum to no avail.

 

If there is no way to do this, fine however a feedback channel to Spark NZ in relation to this would be appreciated.

 

TIA. JNA.


Create new topic
6166 posts

Uber Geek
+1 received by user: 2626

Moderator
Trusted
Subscriber

  Reply # 1742751 17-Mar-2017 13:44
4 people support this post
Send private message

Erm why? You shouldn't need HTTPS if it is just on your local network as you're only going to man in the middle yourself. If you've got it exposed to the internet then disable this now.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


JNA



21 posts

Geek
+1 received by user: 5


  Reply # 1742784 17-Mar-2017 14:49
Send private message

It's internal but still, why not mandate HTTPS?


 
 
 
 


203 posts

Master Geek
+1 received by user: 58


  Reply # 1742786 17-Mar-2017 14:55
9 people support this post
Send private message

How would you add a valid certificate? A self-signed certificate would throw a browser error that would freak most users out.


3170 posts

Uber Geek
+1 received by user: 1661

Trusted
Spark NZ

  Reply # 1742788 17-Mar-2017 14:55
Send private message

I'm not aware of any way to force this. The router will respond to HTTPS if you address it directly, but doesn't appear to be able to force it - at least not in a standard and supported way. I don't know what you might be able to do from a CLI but it's not going to be a supported config.

 

FWIW - I agree with the above that this is not particularly valuable. If someone is already on your network then you've already lost.

 

Cheers - N

 

 


24994 posts

Uber Geek
+1 received by user: 4880

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1742795 17-Mar-2017 15:09
2 people support this post
Send private message

Why do you believe it's such an essential feature?

 

HTTPS without signed certs is a waste of time due to the errors it throw up in modern browsers.


739 posts

Ultimate Geek
+1 received by user: 186

Trusted

  Reply # 1742799 17-Mar-2017 15:14
Send private message

Latest firefox throws up warnings about inputing passwords over an unencrypted connection, which I noticed recently on my HG659B. So, some users are going to freak out either way.

19665 posts

Uber Geek
+1 received by user: 3491

Trusted
Subscriber

  Reply # 1742801 17-Mar-2017 15:22
One person supports this post
Send private message

The only way to make it not freak people out is to rely on it DNS intercepting a fully qualified name they have the ability to get a cert generated for, which IMO is a much more messy solution than just using http and putting up with the not secure message.





Richard rich.ms

1569 posts

Uber Geek
+1 received by user: 464

Subscriber

  Reply # 1749127 28-Mar-2017 01:50
One person supports this post
Send private message

To get a trusted cert installed on a router would mean the private keys for that cert would have to also be saved into that router. This would be very,very bad. As anyone who has that router would be able to get access to those private keys and issue their own fake certs for any website. That would then be trusted by web browsers.

 

And if the connection is getting bounced between you - server somewhere on the internet - router. Then you have to also trust that server.

 

I would be very worried if routers are getting shipped out with trusted certs installed in them. To make it at least semi secure the router would need a TPM installed. And then it would need a way of been securely updated, as certs only last for 2 years. Since consumer grade routers are cheaply made, and various models have been previously hacked. I see 0 chance of certs on a consumer router not getting hacked almost immediately. And if you don't have internet access, how would your browser check if the cert has been revoked or not?






Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

NotPetya ransomware attack, New Zealand view
Posted 28-Jun-2017 15:07


Security concerns reach new peak, Unisys Security Index
Posted 27-Jun-2017 14:11


Behind Spark’s slow-burn 4.5G plan
Posted 26-Jun-2017 16:23


Red Hat unveils production-ready open source hyperconverged infrastructure
Posted 23-Jun-2017 22:10


Whatever ailed Vodafone broadband … seems to be fixed
Posted 23-Jun-2017 14:10


VMware NSX Meets Stringent Government Security Standards with Common Criteria Certification
Posted 22-Jun-2017 19:05


Brother launches next-generation colour laser printers and all-in- ones for business
Posted 22-Jun-2017 18:56


Intel and IOC announce partnership
Posted 22-Jun-2017 18:50


Samsung Galaxy Tab S3: Best Android tablet
Posted 21-Jun-2017 12:05


Wellington-based company helping secure Microsoft browsers
Posted 20-Jun-2017 20:51


Endace delivers high performance with new 1/10/40 Gbps packet capture card
Posted 20-Jun-2017 20:50


You can now integrate SMX security into Microsoft Office 365, Google and other cloud email platforms
Posted 20-Jun-2017 20:47


Ravensdown launches new decision-making tool HawkEye
Posted 19-Jun-2017 15:38


Spark planning to take on direct management of all consumer stores
Posted 19-Jun-2017 10:03


Qrious acquires Ubiquity
Posted 14-Jun-2017 12:21



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.