10 tips for fast-growing router security

Source: Internet
Author: User
Tags snmp

Many network administrators do not realize that their routers can be a hot spot for attacks, and that the router operating system is as vulnerable to hackers as the network operating system. Most SMEs do not hire router engineers or outsource this functionality as a necessity. As a result, network administrators and managers have neither the knowledge nor the time to ensure the security of the router. Here are 10 basic tips for ensuring router security.

1. Update your router operating system: Just like the network operating system, the router operating system also needs to be updated,

To correct problems with programming errors, software flaws, and cache overflows. Always check with your router manufacturer for the current update and operating system version.

2. Modify the default password: According to the Computer Emergency Response team at Carnegie Mellon University, 80% of security incidents were caused by weaker or default passwords. Avoid using common passwords and use uppercase and lowercase letters as a more powerful password rule.

3. Disable HTTP settings and SNMP (Simple Network Management Protocol): The HTTP settings section of your router is easy to set up for a busy network administrator. However, this is also a security issue for routers. If your router has a command-line setting, disable the HTTP method and use this setting. If you do not use SNMP on your router, then you do not need to enable this feature. Cisco routers have an SNMP security vulnerability that is susceptible to a GRE tunneling attack.

4. Block ICMP (Internet Control Message Protocol) Ping request: Ping and other ICMP features are useful tools for both network administrators and hackers. Hackers can use the ICMP features enabled on your router to find information that can be used to attack your network.

5. Disable Telnet commands from the Internet: In most cases, you do not need an active Telnet session from the Internet interface. It would be safer to access your router settings from within.

6. Disable IP directed broadcasts: IP directed broadcasts can allow denial of service attacks on your device. The memory and CPU of a single router are hard to handle too many requests. This result can cause a cache overflow.

7. Disabling IP Routing and IP redirection: redirection allows packets to come in from one interface and then out of another. You don't need to redirect well-designed packets to a dedicated internal network.

8. Packet filtering: Packet filtering only delivers the kind of packets you allow into your network. Many companies only allow 80-port (HTTP) and 110/25-port (e-mail). In addition, you can block and allow IP addresses and ranges.

9. Review security records: by simply using some time to review your record files, you will see obvious ways of attacking, or even security vulnerabilities. You will be amazed at how many attacks you have experienced.

10. Unnecessary services: Disable unnecessary services permanently, regardless of unnecessary services on routers, servers, and workstations. Cisco's devices provide some small services via the network operating system, such as Echo, Chargen (character Generator protocol) and discard (discard protocol). These services, especially their UDP services, are rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering can prevent these attacks.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.