Hello, I am trying to do research by investigating how secure are Smal Office/ Home Office routers. Please suggest what are the most suitable tests that can be done for this matter.
Securing a small office/home office (SOHO) requires a two-pronged approach of preventing unwanted access and detecting such access when it occurs. To achieve a high level of protection on your SOHO network, you need to be aware of several procedures that you can perform on your Windows 2000 machines. You also need to understand the importance of installing a personal firewall to close any remaining holes. The eight steps that follow don't, by any means, guarantee that your Internet-connected system won't experience problems, but these techniques will significantly reduce your vulnerabilities.
In order to comprehensively investigate the security of a SOHO router, an analysis of the firmware of the router in question must be performed.
The first steps are to extract and unpack the firmware image, then identify the software (operating system, services, programs, and their versions). Based on this, known vulnerabilities can be checked (e.g., CVEs), a scan for hardcoded credentials can be performed, certificates and private keys can be identified, etc.
This is a lengthy and time-consuming process, but fortunately, there are some tools that automate many of the required tasks and greatly simplify and speed up the process. Take a look at the so-called FACT (Firmware Analysis and Comparison Tool), published as Open Source by Fraunhofer FKIE (https://fkie-cad.github.io/FACT_core/).
Fraunhofer also published a report on home router security in June 2020, summarizing their analysis of 127 routers - the results are very alarming: https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
The report is also a very good starting point for getting an idea, how the security of SOHO routers can be evaluated.