A colleague asked me to recommend a router for her small business. I asked her for a specification list, and on her list, she specifies secure.
Well, we all know that nothing is completely secure in the tech world, but I started researching router security for her. My first stop was the CERT Vulnerability Database. I typed in the names of router manufacturers, and was (somewhat) surprised to see how many routers have serious vulnerabilities.
Besides searching CERT, what other specific methods are available to help accomplish this task?
Here are the types of things I'm thinking about:
- Additional online resources or databases. From what I gather, CERT intentionally keeps some of their reports hidden.
- Public results of exploit and penetration testing.
- Software to perform testing.
- Online tools to perform testing.
- A list of criteria to consider.
- Anything else.