How to manage vrouters remotely

The company has set up marketing sites in the suburbs. Employees of marketing sites use broadband routers to share the Internet with their headquarters. Therefore, the network management usually takes over two hours to go to the marketing point to maintain the Broadband Router, which makes the network management very tired. However, he thought of enabling the "Remote Control" function of the Broadband Router and performing remote maintenance on the router at the headquarters.

However, security problems are bothering him. At the same time, it facilitates those who are "unfriendly". Once they get the Administrator account of the router, they can carry out various damage activities, the consequences are unimaginable. So how can we enhance the security of remote control?

Make management accounts more complex

To manage the broadband routers in the marketing site, you must first have the Administrator account of the router. However, by default, the initial account and password of the vro are relatively simple, especially when the vro remote control function is enabled, other users in the public network will have the opportunity to access the vro. If you do not modify the initial account of a vro to make it more complex and make it difficult for malicious users to guess and crack it, The vro may be used by others.

To block this vulnerability, you must make the vro management account and password more complex. The following network management to marketing wireless router "TL-WR541G" as an example, describes how to enhance the security of router remote management, this method is also effective for wired routers.

Run IE browser on the client in the LAN of the marketing site, enter "http: // 192.168.1.1/" in the address bar, and press ENTER "192.168.1.1" as the default address of the Broadband Router ), enter the vro Administrator account and password to log on to the vro Management page.

Expand "System Tools> change logon password" in sequence, and go to the "Modify logon password" Management page to modify the account.

Tip: the new Administrator account and password must be complex enough to prevent attacks.

Enable remote control for security

Network management has already set a complex access account for the Broadband Router, but this only lays a good foundation for the Remote Security Management router. However, many vrouters do not enable the remote control function by default. Therefore, they must be manually enabled. In addition, there are many security enhancement techniques and methods.

On the Broadband Router Management page, click "Security Settings> remote Web management" to go to the "remote Web management" page. Next, the network administrator can enable the remote control function.

By default, the vro uses port 80 to provide remote management, but this is very insecure and is easily guessed by "bad intentions. Therefore, you can modify the port number and use an uncommon port to provide remote management. In the "Web Management port" column, modify the port number used by remote management, such as "1648 "). Now, it is hard for attackers to guess the port number.

Next, in the "remote Web management IP Address" column, enter the IP address of the public network computer that can remotely control the vro.

The most sensible way is to allow a machine that uses a specific IP address to remotely log on to the router. The network administrator sets this parameter to the IP address used by the machine at the headquarters, for example, "202.102.201.99 "). Currently, he can only remotely log on to the vro on the machine at the headquarters of the company, but not on other public networks.

Enable vro Firewall

Through the above settings, the security of vro remote management is greatly enhanced, but the network management is still a bit insecure in the face of the virus and hacker attacks that are emerging all the time in the network, he plans to use the built-in "firewall" of the router to add "double insurance" to the remote control security of the router ".

On the Broadband Router Management page, click "Security Settings> firewall settings", and select "Enable Firewall" in the "Settings" box on the right, click "save" to enable the firewall function of the router.

Click "Advanced Security Settings" to go to the "Advanced Security Settings" page. Here provides some more specific security defense functions, such as defense DoS attacks, ICMP-FLOOD attack filtering and TCP-SYN-FLOOD attack filtering. What network management needs to do is to enable these functions to further enhance the router's defense capabilities.

After completing the above operations, the network management can remotely log on to the marketing point's router on the machine at the company's headquarters for management and maintenance operations, other machines in the public network cannot remotely log on to the vro to perform the damage. Now vro remote management is much safer.