The organization sets up technical service points in different locations in the city. Employees of each service point share the Internet through a Broadband Router and maintain contact with the Organization's network. In order to enable efficient Internet access at each service point, as a network administrator, I often need to take a taxi to each service point to manage and maintain the Broadband Router equipment. Obviously, such management and maintenance are not very efficient, it is also very tiring.
In order to reduce the workload and effectively improve the efficiency of network management, I think of using the remote control function to remotely manage the broadband routers in different service points. However, while enjoying the remote control function to bring convenience to the author, the security problem is still plaguing the author, because the remote control function also gives those who are not in the right direction an opportunity, once these people obtain the privileged account of the router, they may launch various illegal attacks on the Broadband Router, the consequences are unimaginable.
In view of this, this article will provide you with several tips to protect the security of broadband routers. I hope these content will keep your friends away from illegal attacks!
Starting from the port to protect the Broadband Router
By default, the remote control function of the Broadband Router is not enabled. to manage and maintain the device remotely, you must manually enable the function. Although it is relatively simple to enable remote control, to prevent other people from intruding into the Broadband Router through this function, we also need to start from the port to prevent illegal attackers from using the remote control function of the Broadband Router, the specific setting method is as follows:
Log on to the backend management interface of the Broadband Router with the default system administrator account, and find the "Security Settings" and "remote Web management" Parameter options in sequence, open the "remote Web management" parameter settings page, on which we can easily enable the remote control function of the Broadband Router;
By default, the remote control function will provide us with remote management services through the "80" Port of the Broadband Router. As this remote service port number is well known, it is very insecure, attackers can easily guess. Therefore, modify the service port number on the corresponding settings page and use a strange service port to provide remote management services for users, you only need to find the "Web Management port" option on the settings page and set the option value to another port number that is not commonly used, for example, "8660 ". In this way, attackers will not easily guess the Remote Management Service port number.
Next, find the "remote Web management IP Address" setting option on the "remote Web management" page of the Broadband Router, set this option value to the public IP address of the workstation that can remotely manage the Broadband Router. Here, the author sets this IP address to the public IP address of a computer in his office.
Start from the account to protect the Broadband Router
If the network administrator forgets to modify the remote control service port number of the Broadband Router, an illegal attacker can easily open the background logon interface of the Broadband Router, if these attackers still know the initial account and password of the device, they can access the system background to illegally modify the Internet access parameters of the Broadband Router, as a result, it cannot work normally.
By default, the original account and password information provided by the Broadband Router for the user are often relatively simple, so it is easy for others to guess. When the remote control function of the Broadband Router is enabled, other computers in the Internet have more opportunities to remotely access the Broadband Router. If we do not modify the original account of the Broadband Router and make it more complex, the background login password of the Broadband Router can be easily cracked by others and exploited by illegal attackers. To effectively block this security vulnerability, follow these steps to make the login account of the Broadband Router more complex:
First, log on to a workstation in the LAN where the Broadband Router is located, open the Internet Explorer window in the system, and enter the default IP address of the Broadband Router in the browser address box, this address can be found in the operation manual of the Broadband Router, generally "192.168.1.1/". After confirming that the IP address is entered correctly, click the Enter key to open the background login interface of the Broadband Router;
Enter the default account name and password of the Broadband Router in the background interface, and click "OK" to go to The vro background management interface. On this management interface, find the system tool and modify logon password options, and then open the modify logon password settings page, here, we must modify the password information of the Logon account as complex as possible. It is best to include numbers, symbols, letters, and other information at the same time, in this way, attackers in the Internet cannot crack the logon password even if they can open the background logon page of the Broadband Router, as a result, the backend management interface of the Broadband Router cannot be accessed to launch illegal attacks and damage to the router.
Protect the Broadband Router from the Firewall
Although the above two measures can effectively enhance the Remote Management Security of the Broadband Router, the Internet virus and hackers are rampant, many network administrators are not at ease with the above security measures. As a network administrator, the author is no exception. Therefore, I plan to enable the "firewall" that comes with the Broadband Router, in order to keep the Broadband Router away from illegal attacks, the security factor is higher. The following describes how to enable the built-in firewall of the Broadband Router:
First, log on to the backend management interface of the Broadband Router according to the previous operations, and find the "Security Settings" and "firewall settings" options in sequence, on the option settings page, select the "Enable Firewall" project and click the "save" button to enable the firewall function of the Broadband Router correctly.
In the background management interface, find the "Advanced Security Settings" option. On the corresponding options page, we will find that the Broadband Router also provides users with a number of specific security protection functions, for example, ICMP-FLOOD attack filtering, TCP-SYN-FLOOD attack filtering, defense DoS attacks and so on, selectively enable these security functions, we can further improve the ability of Broadband Router to prevent illegal attacks.
- Analysis of the security protection function of the flying fish star Broadband Router
- Pay attention to the "Security" of vro Remote Management"
- Immune wall router and Intranet Security Management Technology