D-Link First to Add CAPTCHA to Its Home Routers to Help Prevent Against Attacks
D-Link’s CAPTCHA in action | DigitalMediaPhile (Barb Bowman)
My comments on this feature
A lot of blogs, comment pages / forums, social-network sites and Webmail services use a CAPTCHA as part of verifying what kind of user is signing up or adding comments to the blog or forum. Infact, users who wish to contact me via the blog’s contact form will be using CAPTCHA as part of proving who they are. This method, which typically requires a user to transcribe letters or numbers from a purposefully-distorted machine-generated graphic, has worked for a long time as a way to keep spambots from these sites.
By the way, a CAPTCHA-based verification system is a feature that I would like to see as part of adding comments to a blog post like this one or others on my blog. It would make life a lot easier for blog authors like myself when it comes to sorting out genuine comments from irrelevant comment spam.
This technique has been added as part of a firmware upgrade to most current-issue D-Link routers in response to recent security attacks against this class of equipment. These threats, typically in the form of Trojan Horses, take advantage of home-network equipment that is ran at “out-of-the-box” settings because most home users may not know how to configure the devices properly.
What will typically happen with these routers is that if the user wishes to change configuration or set up / modify an administrator account, they have to transcribe characters from the machine-generated graphic in a similar way to authenticating themselves with a blog or Webmail service on signup.
But this kind of security will not replace common-sense network security practices like setting the SSID of your wireless network away from the default and using a strong password on the device’s administrator account. It will augment these measures and more home-network equipment should be equipped with these features. Other practices that can be implemented for best security could include devices working on “least privilege” all of the time with the option of password and CAPTCHA verification for serious configuration tasks. This is similar to how Windows Vista and Windows 7 operate; and how a properly-setup building alarm system operates. For example, the network status page on a router could be available “without login” but you have to log in to change status.
At least this is one step being made towards a secure home and small-business network.