Companies in the suburbs set up a marketing point, marketing point employees use broadband routers to share the Internet, and corporate headquarters to maintain contact. Therefore, network management often sit two hours of the car to the marketing point of the broadband router maintenance, which makes network management very tired. However, he thought of enabling the broadband router's "Remote Control" feature, remote maintenance of the router at Headquarters.
However, security issues began to haunt him, at the same time, it is convenient for those who "malicious", once they get the router administrator account, can carry out a variety of destructive activities, the consequences are unimaginable. So, how can you enhance the security of remote control?
Make the admin account more complex
To manage a broadband router for a marketing point, you must first have a router administrator account. However, by default, the router's initial account and password are relatively simple, especially when the router's remote control feature is enabled, other users in the public network have access to the router. If the router's initial account is not modified to make it more complex, so that the malicious person is difficult to guess and crack, then the router can be exploited by others.
To plug this vulnerability, you must make the router's administrative account and password more complex. The following network management to the marketing point of the wireless router "tl-wr541g" as an example, describes how to enhance the security of remote management of routers, this method is also valid for the wired router.
Run IE on the client in the marketing point LAN, enter "HTTP://192.168.1.1/" in the Address bar and return ("192.168.1.1" is the default address of the broadband router), then enter the Router administrator account and password, login to the broadband router management interface.
Expand System tools → modify login password in turn, go to the "Modify login Password" Management page, you can modify the account.
Hint: The new administrator account and password must be complex enough to avoid being easily cracked by attackers.
Security Enable remote control
Network management has set up a complex access account for broadband routers, but this is only a good basis for remote security management routers. However, many routers do not have the remote Control feature enabled by default, so they are also manually enabled, and there are a number of techniques and methods for enhancing security during the activation process.
In the broadband router management interface, click on "Security settings → remote Web Management" to enter the "Remote Web Management" settings interface. Then the network administrator can enable the remote control function.
By default, routers use the "80" port to provide remote administration functionality, but this is very insecure and is easily guessed by "bad intentions". Therefore, you can modify the port number, use an infrequently used port to provide remote administration functionality, and modify the port number (such as "1648") used by remote administration in the Web Management port column. Now, it's hard for an attacker to guess the port number.
Next, in the Remote Web management IP Address column, enter the IP address of the public network computer that can be remotely controlled by the router.
The smartest way to do this is to allow a machine that uses a specific IP address to log on to the router, which is set to the IP address (such as "202.102.201.99") that he uses at Headquarters. Now only he can log on to the router on the company's headquarters machine, while other public-network machines are not.
Turn on the router firewall
Through the above settings, router remote management security greatly enhanced, but in the face of the network in the emerging virus and hacker attacks, network management is still a bit uneasy, he intends to use the router's built-in "firewall" for the router's remote control security plus "double insurance."
In the broadband router management interface, click on "Security settings → firewall settings", in the Right settings box select the "Open Firewall" option, click the "Save" button to enable the firewall function of the router.
Then click on "Advanced Security Settings" and go to the Advanced Security Settings page. This provides some more specific security defense features, such as defending against Dos attacks, Icmp-flood attack filtering, and Tcp-syn-flood attack filtering. Network management to do is to enable these features to further enhance the defense capabilities of the router.
After the completion of the above operation, the network management can remotely log on to the marketing point of the router at the company's headquarters, to manage and maintain operations, while the other machines in the public network can not remotely log on to the router to sabotage activities. Now the remote management of routers is much more secure.