https://community.ee.co.uk/t5/Broadband-Landline/Cyber-security-of-EE-Smart-Router/m-p/1157084#M76295 <P>Just wondering if EE have applied the recommendations from the NCSC dated 16 April 2018, to avoid the potential vulnerability exploits of the routers by Russian state actors?</P><P>&nbsp;</P><P>ISPs<BR />• Do not field equipment in the network core or to customer premises with<BR />legacy, unencrypted, or unauthenticated protocols and services. When<BR />purchasing equipment from vendors, include this requirement in purchase<BR />agreements.<BR />• Disable legacy, unencrypted, or unauthenticated protocols and services. Use<BR />modern encrypted management protocols such as SSH. Harden the<BR />encrypted protocols based on current best security practices from the vendor.<BR />• Initiate a plan to upgrade fielded equipment no longer supported by the<BR />vendor with software updates and security patches. The best practice is to<BR />field only supported equipment and replace legacy equipment prior to it falling<BR />into an unsupported state.<BR />• Apply software updates and security patches to fielded equipment. When that<BR />is not possible, notify customers about software updates and security patches<BR />and provide timely instructions on how to apply them.</P><P>&nbsp;</P><P><A href="https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices" target="_blank">https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices</A></P> Wed, 03 Aug 2022 18:58:14 GMT richardcw 2022-08-03T18:58:14Z https://community.ee.co.uk/t5/Broadband-Landline/Cyber-security-of-EE-Smart-Router/m-p/1157084#M76295 <P>Just wondering if EE have applied the recommendations from the NCSC dated 16 April 2018, to avoid the potential vulnerability exploits of the routers by Russian state actors?</P><P>&nbsp;</P><P>ISPs<BR />• Do not field equipment in the network core or to customer premises with<BR />legacy, unencrypted, or unauthenticated protocols and services. When<BR />purchasing equipment from vendors, include this requirement in purchase<BR />agreements.<BR />• Disable legacy, unencrypted, or unauthenticated protocols and services. Use<BR />modern encrypted management protocols such as SSH. Harden the<BR />encrypted protocols based on current best security practices from the vendor.<BR />• Initiate a plan to upgrade fielded equipment no longer supported by the<BR />vendor with software updates and security patches. The best practice is to<BR />field only supported equipment and replace legacy equipment prior to it falling<BR />into an unsupported state.<BR />• Apply software updates and security patches to fielded equipment. When that<BR />is not possible, notify customers about software updates and security patches<BR />and provide timely instructions on how to apply them.</P><P>&nbsp;</P><P><A href="https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices" target="_blank">https://www.ncsc.gov.uk/news/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices</A></P> Wed, 03 Aug 2022 18:58:14 GMT https://community.ee.co.uk/t5/Broadband-Landline/Cyber-security-of-EE-Smart-Router/m-p/1157084#M76295 richardcw 2022-08-03T18:58:14Z https://community.ee.co.uk/t5/Broadband-Landline/Cyber-security-of-EE-Smart-Router/m-p/1158275#M76454 <P>Hi <a href="https://community.ee.co.uk/t5/user/viewprofilepage/user-id/959025">@richardcw</a>,</P> <P>&nbsp;</P> <P>Welcome to the EE Community. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>All our routers are regularly security tested and updated. We follow industry best practice and ensure security vulnerabilities such as those referenced are addressed.</P> <P>&nbsp;</P> <P>James</P> Tue, 09 Aug 2022 14:13:29 GMT https://community.ee.co.uk/t5/Broadband-Landline/Cyber-security-of-EE-Smart-Router/m-p/1158275#M76454 James_B 2022-08-09T14:13:29Z