I meant secure routers on customer premises, ones that are resistant to attacks from at least the network side. That was the big problem with the latest round of DDOS attacks.
What would you sandbox in a consumer router? If there's a web server in there, it needs very limited access the rest of the router.
The web server in a consumer router exists mostly for the purpose of providing an admin interface --- in fact, most attacks on customer prem devices target that web server. Many of the admin functions on the router are game-over for security.
It's a good example of something that seems like it should be straightforward to sandbox, but isn't.
What would you sandbox in a consumer router? If there's a web server in there, it needs very limited access the rest of the router.