The router operating system is as vulnerable to hackers as the network operating system. Most SMEs do not hire router engineers or outsource this functionality as a necessity. As a result, network administrators and managers have neither the knowledge nor the time to ensure the security of the router. Here are 10 basic tips for ensuring router security.
1, update your router operating system: Just like the network operating system, the router operating system also needs to be updated in order to correct programming errors, software flaws and buffer overflow problems. Always check with your router manufacturer for the current update and operating system version.
2, modify the default password: According to Carnegie Mellon University's Computer Emergency Response Team, 80% of the security incidents are due to weak or the default password caused. Avoid using common passwords and use uppercase and lowercase letters as a more powerful password rule.
3. Disable HTTP settings and SNMP (Simple Network Management Protocol): The HTTP settings section of your router is easy to set up for a busy network administrator. However, this is also a security issue for routers. If your router has a command-line setting, disable the HTTP method and use this setting. If you do not use SNMP on your router, then you do not need to enable this feature. Cisco routers have an SNMP security vulnerability that is susceptible to a GRE tunneling attack.
4, block ICMP (Internet Control Message Protocol) Ping request: Ping and other ICMP features for network administrators and hackers are very useful tools. Hackers can use the ICMP features enabled on your router to find information that can be used to attack your network.
5, disable the Telnet command from the Internet: In most cases, you do not need an active Telnet session from the Internet interface. It would be safer to access your router settings from within.
6. Disable IP directed broadcasts: IP directed broadcasts allow denial of service attacks on your device. The memory and CPU of a single router are hard to handle too many requests. This result can cause a cache overflow.
7. Disabling IP Routing and IP redirection: redirection allows packets to come in from one interface and then out of the other. You don't need to redirect well-designed packets to a dedicated internal network.
8. Packet filtering: Packet filtering only transmits the kind of packets you allow to enter your network. Many companies only allow 80-port (HTTP) and 110/25-port (e-mail). In addition, you can block and allow IP addresses and ranges.
9. Review security records: by simply using some time to review your record files, you will see obvious ways of attacking, or even security vulnerabilities. You will be amazed at how many attacks you have experienced.
10, unnecessary services: Always disable unnecessary services, whether it is routers, servers and workstations on unnecessary services are disabled. Cisco's devices provide some small services via the network operating system, such as Echo, Chargen (character Generator protocol) and discard (discard protocol). These services, especially their UDP services, are rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering can prevent these attacks.