How to get the router out of the security puzzle

Source: Internet
Author: User
Tags snmp

Many network administrators do not realize that their routers can be a hot spot for attacks, and that the router operating system is as vulnerable to hackers as the network operating system. Most SMEs do not hire router engineers or outsource this functionality as a necessity. As a result, network administrators and managers have neither the knowledge nor the time to ensure the security of the router. Here are 10 basic tips for ensuring router security.

Update your router's operating system: like a network operating system, the router's operating system needs to be updated to correct programming errors, software flaws, and cache overflow problems. Always check with your router manufacturer for the current update and operating system version.

To modify the default password: According to the Computer Emergency Response team at Carnegie Mellon University, 80% of security incidents were caused by weaker or default passwords. Avoid using common passwords and use uppercase and lowercase letters as a more powerful password rule.

Disabling HTTP settings and SNMP (Simple Network Management Protocol): The HTTP settings section of your router is easy to set up for a busy network administrator. However, this is also a security issue for routers. If your router has a command-line setting, disable the HTTP method and use this setting. If you do not use SNMP on your router, then you do not need to enable this feature. Cisco routers have an SNMP security vulnerability that is susceptible to a GRE tunneling attack.

Block ICMP (Internet Control Message Protocol) Ping request: Ping and other ICMP features are useful tools for both network administrators and hackers. Hackers can use the ICMP features enabled on your router to find information that can be used to attack your network.

Disable Telnet commands from the Internet: In most cases, you do not need an active Telnet session from the Internet interface. It would be safer to access your router settings from within.

Disabling IP directed broadcasts: IP directed broadcasts allow denial of service attacks on your device. The memory and CPU of a single router are hard to handle too many requests. This result can cause a cache overflow.

Disabling IP Routing and IP redirection: redirection allows packets to come in from one interface and then out of the other. You don't need to redirect well-designed packets to a dedicated internal network.

Packet filtering: Packet filtering only delivers the kind of packets you allow into your network. Many companies only allow 80-port (HTTP) and 110/25-port (e-mail). In addition, you can block and allow IP addresses and ranges.

Review security records: by simply using some time to review your log files, you will see obvious ways of attacking, or even security vulnerabilities. You will be amazed at how many attacks you have experienced.

Unnecessary services: Disable unnecessary services permanently, regardless of unnecessary services on routers, servers, and workstations. Cisco equipment through the network

The operating system defaults to providing some small services, such as Echo (Echo), Chargen (character Generator protocol), and discard (discard protocol). These services, especially their UDP services, are rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering can prevent these attacks.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.