Hi TPG,
Can you please advise answers to our questions below in relation to this subject (VPN / security / service), so that I may pass onto my group who are all TPG customers. The relevant background information as per our phone conversations has been summarised below for ease of reference.
1 - Please confirm or advise otherwise that the VPN Server functionality has been removed permanaently from the TPLink VR1600 modems that we use to connect to the Internet, and that this is a permanent security upgrade for our benefit?
2 - Please confirm or advise otherwise that the removal of the system logs, and bandwidth monitoring from the VR1600 modem similarly will result in a security benefit for TPG customers?
3 - Please confirm or advise otherwise that the use of TLS1.0 protocol in any communications of the VR1600 modem is not a security concern, and that we do not need to worry about this from a security perspective?
4 - Please advise any and all actions required to be taken on customer side to ensure the continued and best possible network and customer security is provided by TPG's security team, without interuption?
5 - Please advise which modem is recommended by TPG to replace or supplement the VR1600 in regards to VPN server functions? Alternatively please advise the steps required to reinstate the VPN functionality, as built into the modem either as supplied at time of purchase, or as improved to comply with TPG security standards?
6 - Please advise the specific improvements in security that have been gained by this decision to modify the VR1600 and remove the VPN server function? This need not be a technical response, just enough for our members to know what improvements were made - they can use WolframAlfa to detail the specifics themselves.
7 - Has the backup/restore function in the VR1600 also been removed by TPG, it is no longer available in the menu?
We were a little taken aback when TPG disclosed it had modified the firmware of our modem, to remove functionality, without our consent, and at unavoidable and considerable inconvenience and expense, but the advice from your staff has helped me convince the others that this was a necessary security upgrade. (As I convinced the rest of the group to utilise a common provided to standardise our equiment/services I do feel responsible to all of them when things like this, which really shouldn't happen, do.)
Before we incur further cost in purchasing and commissioning new modems, and documentation updates at each property we would like assurance that this feature is permanently removed from our device/service with TPG and won't be reenabled some time after we have gone to this effort and cost.
Incidentally, at least one member has received professional advice that advises the removal is not (by itself) beneficial from a security perspective, and that is apparent even to the layperson as we are simply purchasing new hardware to replicate the feature removed from our hardware but I think I have talked him around based on the responses TPG has given, and he now wants reassurance about the permanancy of the change.
Another member received advice that the removal of the feature from our hardware is in breach of Australian Consumer Law and common law property rights. I haven't been able to convince him otherwise, I expect I will end up paying for his modem.
I think I have managed to convince the group on the need for them to pay for the new modems as increased Internet security in light of advice from TPG on this forum. The ransomware attack we experienced in February has been a great cost to all involved and it is of some comfort that this change will be to our benefit in a security sense. We are awaiting experts report, and hopefully insurance will cover the significant costs of this attack, I just hope the lack of system logs will not be detrimental in this regard, fingers crossed!
I was told in initial phone query that TPG had faced extra costs because of Covid19 and more people working from home so have been proceeding on the implication that rather than being a service / feature of hardware which has been removed, instead we are paying for the increased security of having the VPN Server functionality removed from the VR1600 and the separate benefit of having VPN sever functionality provided by a secure method, allowing VPN necessary to working from home.
Thank you in advance.
