Setting up a broadband routing gateway to completely remove security risks in Internet cafes

Source: Internet
Author: User

Router security is very important for Internet cafes. How can network security in an Internet cafe really be ensured? This article explains how to set up a broadband routing gateway to improve it. Common viruses on the network include the Shock Wave family and other worms. To deal with these viruses, HiPER's main strategy is to prevent first, then detect, then remove.

The HiPER broadband routing gateway provides powerful firewall functions. Its unique packet filtering routing technology can filter packets by MAC address, IP address, protocol, port, and even content; in particular, it supports filtering by multiple sites, keywords, and URLs. For common viruses such as Shock Wave, you only need to reference the firewall policies in the configured rule library. Of course, this only blocks viruses that arrive over the network. If a host is infected through a storage device such as a USB flash drive, you need to find it through the HiPER web management interface. On the WebUI Internet access monitoring page, query all current Internet access records. A host infected with the Shock Wave virus shows a large number of NAT sessions with the following features: the protocol is TCP, the Internet port is 135/139/445/1025/4444/5554/9996, and in each session the host has uploaded packets while the downloaded packets are usually very few or 0. Once you have identified the host, disconnect it from the Intranet, and then configure the corresponding policy on the security gateway to close the ports on which the virus sends packets.
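The session pattern described above can be checked mechanically once the Internet access records are exported. The following is an added example, not HiPER code: the record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Destination ports the article lists for sessions opened by infected hosts.
WORM_PORTS = {135, 139, 445, 1025, 4444, 5554, 9996}

# Constructed sample records; the tuple layout is an assumption, not HiPER's format:
# (lan_ip, protocol, remote_ip, remote_port, packets_up, packets_down)
SAMPLE_SESSIONS = (
    [("192.168.1.23", "TCP", f"198.51.100.{i}", 445, 3, 0) for i in range(1, 7)]
    + [("192.168.1.23", "TCP", f"203.0.113.{i}", 135, 2, 0) for i in range(1, 4)]
    + [
        ("192.168.1.40", "TCP", "203.0.113.80", 443, 120, 310),  # normal browsing
        ("192.168.1.51", "TCP", "192.168.1.2", 445, 900, 1500),  # real file sharing
        ("192.168.1.60", "TCP", "198.51.100.9", 139, 1, 0),      # single failed try
        ("192.168.1.60", "UDP", "198.51.100.9", 445, 4, 0),      # not TCP
    ]
)

def find_suspect_hosts(sessions, min_sessions=5, min_targets=5, max_down=1):
    """Flag LAN hosts with many one-way TCP sessions to the listed ports."""
    per_host = defaultdict(lambda: {"sessions": 0, "targets": set(), "ports": set()})
    for lan_ip, proto, remote_ip, port, up, down in sessions:
        # Pattern from the article: TCP, listed port, packets sent, little or nothing back.
        if proto.upper() == "TCP" and port in WORM_PORTS and up > 0 and down <= max_down:
            entry = per_host[lan_ip]
            entry["sessions"] += 1
            entry["targets"].add(remote_ip)
            entry["ports"].add(port)
    suspects = {}
    for lan_ip, entry in per_host.items():
        # Require many sessions to many distinct addresses (assumed thresholds) so
        # one failed connection to a file server does not flag a healthy host.
        if entry["sessions"] >= min_sessions and len(entry["targets"]) >= min_targets:
            suspects[lan_ip] = {
                "sessions": entry["sessions"],
                "targets": len(entry["targets"]),
                "ports": sorted(entry["ports"]),
            }
    return suspects

if __name__ == "__main__":
    for host, info in find_suspect_hosts(SAMPLE_SESSIONS).items():
        print(host, info)
```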

Shock Wave is just one typical family of powerful worms; other viruses, such as SQL worms and the variants developed from them, can also bring disaster to the network. Although these viruses take different forms, they work on much the same principle: their common characteristic is that they spread by port scanning. HiPER's firewall policies can be applied on any interface to block port scanning and identify worm attacks.

Attack prevention

Compared with the losses caused by the spread of the worms described above, deliberate attacks by hackers in the Internet cafe are even more troublesome, such as DDoS attacks with spoofed source addresses and ARP attacks. Against these attacks, the HiPER broadband routing gateway can apply firewall policies on its interfaces to block port scanning and to prevent DDoS attacks and ARP spoofing.

DDoS attacks with forged source addresses launched from the Intranet are easy to spot through the monitoring interface of the HiPER broadband routing gateway. In a source address forgery attack, the attacking machine sends the victim host a large number of packets with spoofed source addresses. These consume the NAT session resources of the security gateway and eventually fill its NAT session table, so that no user in the LAN can access the Internet. The attack shows up in the NAT status on the Web interface: the "IP address" column contains many users that do not belong to the Intranet IP segment. If the user statistics show that the security gateway receives massive numbers of packets from a user but sends very few packets to that user, the user may be launching a source address forgery attack. The solution is to disconnect the host from the Intranet, and then configure a policy on the HiPER broadband routing gateway that allows only the Intranet CIDR blocks to connect to the security gateway, so that the gateway actively rejects TCP connections from forged source addresses.
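The two indicators described above (addresses outside the Intranet segment in the NAT status, and a user with heavily one-sided packet counts) can be evaluated as follows. This is an added example, not HiPER code: the data layout, the thresholds and all sample values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data; the layout is an assumption, not HiPER's own format.
LAN_CIDR = "192.168.1.0/24"
# Contents of the "IP address" column of the NAT status page.
NAT_SOURCE_IPS = ["192.168.1.12", "192.168.1.40"] + [
    f"10.77.{i}.{i * 3}" for i in range(1, 19)
]
# user (keyed by MAC here) -> (packets received from user, packets sent to user)
USER_STATS = {
    "00:11:22:33:44:0c": (5200, 4800),
    "00:11:22:33:44:28": (310, 290),
    "00:11:22:33:44:66": (184000, 12),
}

def source_allowed(ip, lan_cidr):
    """Mirror of the policy in the text: accept only Intranet source addresses."""
    lan = ipaddress.ip_network(lan_cidr)
    try:
        return ipaddress.ip_address(ip) in lan
    except ValueError:
        return False  # unparsable address: treat as not allowed

def spoofing_report(source_ips, user_stats, lan_cidr, min_received=10000, ratio=100):
    """Summarise both indicators; min_received and ratio are assumed thresholds."""
    outside = [ip for ip in source_ips if not source_allowed(ip, lan_cidr)]
    suspects = sorted(
        user
        for user, (received, sent) in user_stats.items()
        # Massive traffic from the user, almost nothing going back to it.
        if received >= min_received and received >= ratio * max(sent, 1)
    )
    return {
        "outside_lan": len(outside),
        "outside_share": len(outside) / len(source_ips) if source_ips else 0.0,
        "suspect_users": suspects,
    }

if __name__ == "__main__":
    print(spoofing_report(NAT_SOURCE_IPS, USER_STATS, LAN_CIDR))
```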

An ARP attack disguises a host on the Intranet as the gateway, deceiving the other hosts on the Intranet into sending everything destined for the gateway to this host instead. Because this host's data processing and forwarding capabilities are far lower than the gateway's, a large amount of traffic backs up, the network becomes slower and slower, and it may even be paralyzed. The purpose of the attack is to intercept traffic and steal user information such as online game accounts and QQ passwords. When a host in the LAN runs the ARP spoofing Trojan program, other users, who had been accessing the Internet directly through the router, are switched to accessing it through the infected host. During the switch, each user is disconnected once. When the ARP spoofing Trojan program stops running, users go back to accessing the Internet through the router, and during that switchover they are disconnected again.

This message indicates that the user's MAC address has changed. When the ARP spoofing Trojan starts running, the MAC address of all hosts in the LAN is updated to the MAC address of the infected host. Once the MAC address of the host running the ARP spoofing Trojan is known, the NBTSCAN tool can be used to find it quickly. NBTSCAN obtains the real IP address and MAC address of each PC, so if there is a "legend Trojan", you can find the IP address and MAC address of the PC carrying it. Of course, if you use HiPER to bind IP/MAC for intranet users, MAC addresses cannot be changed at will, which avoids ARP attacks. Another solution for ARP attacks is to have the router send ARP broadcasts to the Intranet hosts at regular intervals, that is, to tell each host where the real gateway is. This prevents other hosts from impersonating the gateway. HiPER allows you to set the ARP broadcast frequency, so that others cannot impersonate it.
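The symptom described above (the gateway's IP address resolving to another host's MAC address) can be checked on a client by comparing its ARP cache with the IP/MAC binding table. This is an added example, not from the original article or from HiPER: the binding table, all addresses and the sample output (in the style of Windows "arp -a") are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Windows "arp -a" output.
SAMPLE_ARP = """
Interface: 192.168.1.30 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-e0-4c-aa-bb-66     dynamic
  192.168.1.12          00-11-22-33-44-0c     dynamic
  192.168.1.102         00-e0-4c-aa-bb-66     dynamic
"""
# Assumed IP/MAC binding table, as the administrator would bind it on the gateway.
BINDINGS = {
    "192.168.1.1": "00:0f:e2:00:00:01",    # the real gateway
    "192.168.1.12": "00:11:22:33:44:0c",
    "192.168.1.102": "00:e0:4c:aa:bb:66",
}
ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})")

def norm(mac):
    """Normalise aa-bb-.. and AA:BB:.. spellings to lower-case colon form."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Extract {ip: mac}; header lines never match the MAC pattern."""
    return {ip: norm(mac) for ip, mac in ENTRY.findall(text)}

def check_arp(arp_text, bindings, gateway_ip):
    """Return findings as (kind, ip, observed_mac, bound_owner_of_that_mac)."""
    bound = {ip: norm(mac) for ip, mac in bindings.items()}
    owner_of = {mac: ip for ip, mac in bound.items()}
    table = parse_arp(arp_text)
    findings = []
    for ip, mac in table.items():
        if ip in bound and bound[ip] != mac:
            kind = "gateway_impersonated" if ip == gateway_ip else "binding_mismatch"
            findings.append((kind, ip, mac, owner_of.get(mac)))
    claimed = defaultdict(list)
    for ip, mac in table.items():
        claimed[mac].append(ip)
    for mac, ips in claimed.items():
        if len(ips) > 1:  # one MAC answering for several IP addresses
            findings.append(("mac_claims_many_ips", ",".join(sorted(ips)), mac, owner_of.get(mac)))
    return findings

if __name__ == "__main__":
    for finding in check_arp(SAMPLE_ARP, BINDINGS, "192.168.1.1"):
        print(finding)
```

The last field of each finding names the bound IP address that owns the observed MAC, which is the host to disconnect and inspect.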

Anti-BT

There is also a kind of user behavior in the Internet cafe that affects other people's Internet access: BT downloading. If a user on the Intranet downloads with BT, it occupies almost all of the Intranet bandwidth and paralyzes the network. The specific symptoms are that web pages do not open or open slowly, chat messages cannot be sent, and games become stuck. To deal with this behavior, use the bandwidth control function of the HiPER broadband routing gateway. HiPER bandwidth control uses a flexible CBT credit-based traffic control algorithm. The CBT algorithm mainly provides fair bandwidth allocation in the internal network and limits the ultra-high traffic of P2P downloads such as BT and donkey. It uses the social engineering principle to give a bandwidth credit to each host in the network. Once the traffic of some hosts exceeds the credit limit, it takes punitive measures to reduce the bandwidth of those hosts.

BT downloading is prevented mainly by using CBT to limit the maximum bandwidth of users in the network, which keeps a user's BT downloads from occupying other users' bandwidth. Of course, the CBT algorithm, with its credit mechanism based on the social engineering principle, is also more user-friendly for managing downloads by P2P tools such as BT. The credit of a user who downloads with BT on the Intranet drops sharply as that user's bandwidth usage surges, and as the credit declines, the user's available bandwidth decreases. This mechanism is more flexible, and combining the two works better. In addition, HiPER can block common P2P software with one click through the web interface configuration, such as prohibiting BitComet, Iot platform genie, donkey, and lightning, and prohibiting thunder from searching for resources.
