Is DD-WRT safe?

As a security professional, “is DD-WRT safe?” is a question I hear a lot. While there are options that I think are safer, I’m perfectly fine with admitting I use DD-WRT myself. I know a lot of other people like me do as well.

One thing is almost certain: DD-WRT is safer than what shipped on your router from the factory.

Is DD-WRT safe?
I’m much more comfortable with DD-WRT than with most stock router firmware from a security point of view.

Router firmware tends to be really buggy and insecure. I’ve written about that before. And while your computer receives automatic updates, your router never does. DD-WRT doesn’t fix that problem, but at least people look at it from time to time and replace some of the buggy components.

That said, I do wish they’d look at it a little more frequently. I don’t think DD-WRT updates the core operating system often enough, and that makes me uneasy. Then again, router manufacturers do it even less.

So let’s talk about what DD-WRT does well.

Routers would be far more secure if they would just reboot once a week. That’s the biggest advantage with DD-WRT: It has that feature built in.

And while this attitude towards security drives me nuts, the story of the bear and the tennis shoes does apply here. I have no idea who originally told this joke but I first heard it from Bo Jackson. Bo told the story of two men hunting in the woods who spied a bear. One hunter stopped to put his tennis shoes on. “What are you doing that for? You’ll never outrun that bear!”

“I don’t have to outrun the bear,” he said. “I just have to outrun you.”

The average consumer router, with its ancient factory-installed software, can’t outrun a sloth, let alone a bear. DD-WRT isn’t perfect but it can certainly outrun a sloth.

In more technical terms, most attackers will look for vulnerabilities that exist in common routers. DD-WRT will have fewer of them. And there’s little point in looking for vulnerable DD-WRT routers when there are millions of worse routers out there.

I went over DD-WRT with a fine-toothed comb late last year and came up with my list of recommended DD-WRT settings. I would urge you to read them over and reconfigure your router. With those settings, you’re still not invincible. But that said, your router isn’t likely to be your biggest security problem anymore.

So, while I’ve had some colleagues raise questions about DD-WRT in the past, it’s not like the world is brimming with alternatives. Relatively speaking, I think DD-WRT is safe enough to use.

One thought on “Is DD-WRT safe?”

  • December 30, 2016 at 9:45 pm

    The problem I’ve seen with DD-WRT, and it’s structural to the nature of only having 2 code maintainers at this time, is that updating to newer Kernel versions is probably going to be too labor intensive. That in turn means that quite a few routers are tied in to much older kernels (though fortunately all of those are still being maintained long term).
