How do I prevent a local device from being accessed remotely?

Source: Internet
Author: User
Tags strong password

Many routers, cameras, printers, and other hardware devices can now be linked to the internet alone, increasing the risk of remote access. How to completely eliminate personal privacy by external infringement, to ensure that your equipment and the Internet security isolation? The following small series for everyone to introduce how to prevent local devices are remote access?

Ensure router security

On a typical home network, routers are the most directly connected devices to the Internet. If configured correctly, routers are the only devices that can be accessed from the Internet. All other devices are connected to your router, and routers are likely to divulge these devices, so make sure the router itself is secure.

Not only is the intelligent router, now many ordinary routers also have "remote management" function, so that users can log on to the router through the Internet, and configure its settings. Most people don't use this feature at all, so you should make sure that the feature is disabled. If you enable this feature password is also very weak, the attacker may be able to telnet to your router. This option can be found on the router's web interface, and if you need to manage remotely, be sure to change the default password and, if possible, change it regularly.

Many consumer-level routers have a serious security vulnerability. UPnP is an unsecured protocol that allows devices on the local network to forward ports on the router by creating firewall rules. However, there is a common security problem with UPnP, and routers receive UPnP requests from the Internet, allowing people on the Internet to create firewall rules on your router.

Visit the ShieldsUp Web site, run the UPnP flaw Test (HTTPS://WWW.GRC.COM/X/NE.DLL?BH0BKYD2), and check your router for this UPnP security vulnerability. If you have a security problem with your router, download the latest version of the firmware from the vendor's Web site to update it to resolve the issue. If this doesn't work, try disabling UPnP in the router interface or buying a new router without the problem. After updating the firmware or disabling UPnP, remember to rerun the test to make sure the router is secure.

Ensure that other devices are not accessible

Compared to routers, it is easier to make sure that printers, cameras, and other devices are not accessible over the Internet. Assuming that these devices are connected to the router, it is entirely possible to control whether they can be accessed from the router. These devices should be isolated from the Internet and can only be safely accessed from the local network.

The port forwarding and DMZ features in a generic router can involve these issues. The solution is also straightforward, setting forwards only the ports that really need forwarding and avoiding the DMZ feature. DMZ features are not all routers, if any, routers will receive all inbound traffic including external devices, as if an external device is connected directly to the Internet. In other words, the device inside the DMZ also loses security that is protected behind the router.

If you really want your device to be accessible from the Internet, such as using a webcam to monitor your own situation, you should make sure that the device is installed. The forwarding router port allows devices to be accessed from the Internet, making sure they have a strong password that is not easily guessed and periodically replaced, which is the most basic and effective method.

If you want to be more secure, you can build a VPN. The device is connected to the local network, and we can connect to the Internet by logging on to the VPN and connecting to the local network remotely instead of the device directly. Ensuring the security of a VPN server is easier than securing the security of several devices that have built-in Web server software.

If you only need to connect to a device remotely from one place, you can create firewall rules on the router to ensure that they are accessible only from one IP address. If you want to share a device like a printer on the Internet, try setting up a service like cloud printing rather than exposing the device directly.

Small tip:

When the device is directly exposed to the Internet, remember to make the latest version of the firmware that contains the security patches to ensure the latest version of the device.

Lock Wireless Network

Now streaming media sharing is so developed that any device on a wireless network can access, use, and configure these new networking devices. However, only the local wireless network is safe, if the wireless network is not secure, anyone can connect and hijack your device, it is not difficult to further explore any files shared on the network. This is a cliché, but it's important to use WPA2 encryption and a fairly strong long password, including numbers, symbols, and letters.

We can also try to secure home networks in many other ways, such as using WEP encryption, enabling MAC address filtering, and hiding wireless networks, but these are all based on WPA2 encryption and strong passwords.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.