Without Cisco's latest security warning reminder, many network administrators have not yet realized that their routers can be a hot spot for attacks. Router operating systems are as vulnerable to hackers as network operating systems. Most SMEs do not hire router engineers, nor do they outsource this feature as a must-do. Therefore, network administrators and managers do not know much or have time to ensure the security of the router. Here are ten basic tips to ensure the security of your router.
1. Update your router operating system: Just like a network operating system, the router operating system needs to be updated to correct programming errors, software defects and cache overflow issues. Check your router vendor for current updates and operating system versions frequently.
2. Modify the default password: According to the Computer Emergency Response Team of Carnegie Mellon University, 80% of security incidents are caused by weaker or default passwords. Avoid using normal passwords and use a mix of upper and lower case letters as a more powerful password rule. The following link is a normal password used by computer administrators:/.
3. Disable HTTP settings and SNMP (Simple Network Management Protocol): The HTTP settings part of your router is easy to set for a busy network administrator. However, this is also a security issue for routers. If your router has a command line setting, disable HTTP and use this setting. If you are not using SNMP on your router, you don't need to enable this feature. Cisco routers have an SNMP security vulnerability that is vulnerable to GRE tunnel attacks.
4. Block ICMP (Internet Control Message Protocol) ping requests: ping and other ICMP functions are very useful tools for network administrators and hackers. Hackers can use the ICMP enabled on your router to find out information that can be used to attack your network.
5. Disable the telnet command from the Internet: In most cases, you do not need an active telnet session from the Internet interface. It will be safer to access your router settings from within.
6. Disable IP Directed Broadcasting: IP Directed Broadcasting can allow denial of service attacks on your device. The memory and CPU of a router cannot withstand too many requests. This result can cause cache overflow.
7. Disable IP routing and IP redirection: Redirection allows packets to come in from one interface and then go out from another interface. You don't need to redirect carefully designed packets to a dedicated internal network.
8. Packet Filtering: Packet Filtering only delivers the kind of packets you allow to enter your network. Many companies only allow port 80 (HTTP) and port 110/25 (email). Additionally, you can block and allow IP addresses and ranges.
9. Review security records: By simply using some time to review your record files, you will see obvious attacks, and even security vulnerabilities. You will be amazed at how many attacks you have experienced.
10. Unnecessary services: Always disable unnecessary services, whether they are routers, servers, or workstations. Cisco devices provide small services by default through the network operating system, such as echo, charger, and discard. These services, especially their UDP services, are rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering can prevent these attacks. Article entry: csh Editor in charge: csh
1. Update your router operating system: Just like a network operating system, the router operating system needs to be updated to correct programming errors, software defects and cache overflow issues. Check your router vendor for current updates and operating system versions frequently.
2. Modify the default password: According to the Computer Emergency Response Team of Carnegie Mellon University, 80% of security incidents are caused by weaker or default passwords. Avoid using normal passwords and use a mix of upper and lower case letters as a more powerful password rule. The following link is a normal password used by computer administrators:/.
3. Disable HTTP settings and SNMP (Simple Network Management Protocol): The HTTP settings part of your router is easy to set for a busy network administrator. However, this is also a security issue for routers. If your router has a command line setting, disable HTTP and use this setting. If you are not using SNMP on your router, you don't need to enable this feature. Cisco routers have an SNMP security vulnerability that is vulnerable to GRE tunnel attacks.
4. Block ICMP (Internet Control Message Protocol) ping requests: ping and other ICMP functions are very useful tools for network administrators and hackers. Hackers can use the ICMP enabled on your router to find out information that can be used to attack your network.
5. Disable the telnet command from the Internet: In most cases, you do not need an active telnet session from the Internet interface. It will be safer to access your router settings from within.
6. Disable IP Directed Broadcasting: IP Directed Broadcasting can allow denial of service attacks on your device. The memory and CPU of a router cannot withstand too many requests. This result can cause cache overflow.
7. Disable IP routing and IP redirection: Redirection allows packets to come in from one interface and then go out from another interface. You don't need to redirect carefully designed packets to a dedicated internal network.
8. Packet Filtering: Packet Filtering only delivers the kind of packets you allow to enter your network. Many companies only allow port 80 (HTTP) and port 110/25 (email). Additionally, you can block and allow IP addresses and ranges.
9. Review security records: By simply using some time to review your record files, you will see obvious attacks, and even security vulnerabilities. You will be amazed at how many attacks you have experienced.
10. Unnecessary services: Always disable unnecessary services, whether they are routers, servers, or workstations. Cisco devices provide small services by default through the network operating system, such as echo, charger, and discard. These services, especially their UDP services, are rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering can prevent these attacks. Article entry: csh Editor in charge: csh