Router AV

[aviwil]

Is there any need to run AV/malware detect on a router ? If so , how is it done ? I'd imagine it's just like any net connected system which could be virused/hacked ?

 

[evilspoons]

If you're talking about a computer that acts as a router, sure, protect it like any other system. If you're talking about a router "appliance", the anti-virus solutions that some of them run aren't actually to protect the router itself, they're to protect the traffic to the systems behind the router.

The Sonicwall router I have at work allows you to require systems to be running a particular antivirus program before they're allowed to connect to the internet, for example.

 

[aviwil]

Thanks evilspoons - I'm talking of a regular dedicated router .
"the anti-virus solutions that some of them run" - these are part of router provided by it's manufacturer ?
I would just assume that a dedicated router is just a good target ( if not better ) for hackers and virus people . So there are no products by AV , malware etc companies , addressing this issue , to your knowledge ?

 

[Nothinman]

Some models of Cisco routers can have modules that will do basic traffic filtering (e.g. block gambling sites) and scan for malware, but as mentioned they don't protect the router itself. Most commercial routers don't have enough functionality to be good targets for attackers. Even if they get into it, they have very little flash space and a very specialized kernel and runtime. It's always simpler to break into a host that's exposed to the Internet because they have a lot more functionality and holes.

 

[aviwil]

Thanks Nothinman - I gather you are saying , this is something which can be safely ignored .

 

[drebo]

Antivirus on the edge is useful to some extent. It allows for mitigation of a fair number of threats. A lot of times, it's more reliable than a PC-based antivirus because on the PC, the virus needs to be loaded into memory before the AV can catch it...which is stupid. Stop the virus from even getting to the PC and you don't have a problem.

 

[Nothinman]

Thanks Nothinman - I gather you are saying , this is something which can be safely ignored .

In general, yes. There are exploits for things like Cisco's SSH implementation that can be used as jump-off points to internal equipment so you should still pay attention to them, but A/V isn't needed.

Antivirus on the edge is useful to some extent. It allows for mitigation of a fair number of threats. A lot of times, it's more reliable than a PC-based antivirus because on the PC, the virus needs to be loaded into memory before the AV can catch it...which is stupid. Stop the virus from even getting to the PC and you don't have a problem.

Viruses hit memory first because the entry point (e.g. browser) loads them into memory from the remote location before even writing them to temporary files or anywhere else on disk. I think the primary issue with PC A/V is the sheer number of variants that popup. Once a virus proves to be useful there are dozens of variants created which means more signatures.