Viewpoint: detailed analysis of Router Security

The routing industry in China is developing very fast and there will be many problems at the same time. So I studied the knowledge of router security and shared it with you here. I hope it will be useful to you. The vro operating system is as vulnerable to hacker attacks as the network operating system.

Most small and medium-sized enterprises do not employ router engineers and do not outsource this function as a required task. Therefore, network administrators and managers do not know much about or have time to ensure vro security. The following are ten basic techniques to ensure vro security.

1. Update your vro security operating system

Like network operating systems, vro security operating systems also need to be updated to correct programming errors, software flaws, and cache overflow issues. Always query the current update and operating system version from your vro manufacturer.

2. Modify the default password

According to the computer emergency response team at Carnegie Mellon University, 80% of security incidents were caused by weak or default passwords. Avoid using common passwords, and use a mix of uppercase and lowercase letters as stronger password rules.

3. Disable HTTP settings and SNMP (Simple Network Management Protocol)

The HTTP settings of your vro are easy for a busy network administrator. However, this is also a security problem for vro security. If your vro has a command line setting, disable HTTP and use this setting method. If you are not using SNMP on your vro, you do not need to enable this function. A Cisco router has an SNMP security vulnerability that is vulnerable to GRE tunnel attacks.

4. Block ICMP (Internet-controlled Message Protocol) ping requests

Ping and other ICMP functions are very useful tools for network administrators and hackers. Hackers can use the ICMP feature enabled on your router security to find information that can be used to attack your network.

5. Disable telnet commands from the Internet

In most cases, you do not need an active telnet session from an Internet interface. If you access your vro from the inside, the security settings will be more secure.

6. Disable IP-targeted Broadcast

IP-targeted broadcast allows you to launch denial-of-service attacks on your devices. The memory and CPU of A vro are too many requests. This result may cause cache overflow.

7. Disable IP routing and IP redirection

Redirection allows data packets to come in from one interface and then exit from another interface. You do not need to redirect specially designed data packets to a dedicated internal network.

8. package filtering

Packet filtering only transmits the data packets that you are allowed to access your network. Many companies only allow port 80 (HTTP) and Port 110/25 (email ). In addition, you can block and allow IP addresses and ranges.

9. Review security records

By simply taking advantage of some time to review your record files, you will see significant attack methods and even security vulnerabilities. You will be surprised when you have experienced so many attacks.

10. Unnecessary Services

Disable unnecessary services. disable unnecessary services on routers, servers, and workstations. Cisco devices provide small services by default through network operating systems, such as echo, chargen and discard ).