Learning Boundary Router Setup Tutorial

At present, the user application of the border router is very wide, but many people will not set the border router installation, it does not matter, read the XP system of the small series to introduce today to you the text, you must have a lot of harvest, I hope this article can teach you more things.

For most enterprise LANs, border routers have become one of the most important security devices in use. In general, most networks have a major access point. This is the "border router" that is typically used with a dedicated firewall.

With proper setup, the border routers can block almost all the most stubborn bad molecules out of the network. This border router can also allow good people to enter the network, if you like. However, a border router without proper setup is just a little better than no security at all. In the following guidelines, we will look at several convenient steps that you can use to secure your network. These steps will ensure that you have a brick wall that protects your network, not an open door.

1. Modify the default password

According to foreign surveys, 80% of the security breach is caused by weak passwords. A wide list of default passwords for most border routers on the network. You can be sure that someone in some place will know your birthday.

2. Turn off IP direct broadcast (IP directed broadcast)

Your server is very obedient. Let it do what it does, and no matter who sends the instructions. A smurf attack is a denial of service attack. In this attack, an attacker uses a fake source address to send an "ICMP echo" request to your webcast address. This requires all hosts to respond to this broadcast request. This situation will at least degrade your network performance. Refer to your border router information file to find out how to turn off IP direct broadcasts. For example, the command "#no IP source-route" will turn off the IP direct broadcast address of the Cisco border router.

3. If possible, turn off HTTP settings for the border router

HTTP uses an identity protocol that is equivalent to sending an unencrypted password to the entire network. Unfortunately, however, there is no valid rule for verifying a password or a one-time password in the HTTP protocol. Although this unencrypted password may be convenient for you to set up your border router from a remote location (such as home), you can do what you can. Especially if you are still using the default password! If you have to manage the border router remotely, you must make sure to use the SNMPV3 version of the protocol because it supports more stringent passwords.

4. Block ICMP ping request

The main purpose of ING is to identify the host that is currently in use. As a result, ping is typically used for reconnaissance activities prior to a larger scale of coordinated attacks. By canceling the ability of a remote user to receive ping requests, you are much more likely to avoid unnoticed scan activities or to defend "script boys" (scripts kiddies) that look for vulnerable targets. Note that doing so does not actually protect your network from attack, but this will make you less likely to be an attack target.

5. Turn off IP Source routing

The IP protocol allows a host to specify that packets are routed through your network rather than allowing the network component to determine the best path. The legitimate application of this feature is to diagnose connection failures. However, this use is rarely used. The most common use of this feature is to mirror your network for reconnaissance purposes, or for an attacker to look for a backdoor in your private network. This feature should be turned off unless you specify that this feature should be used only for troubleshooting purposes.

6. Determine the requirements of your packet filtering

There are two reasons for blocking the port. One of them is appropriate for your network based on your level of security requirements. For highly secure networks, especially when storing or maintaining secret data, it is usually required to be allowed to filter. In this provision, all ports and IP addresses need to be blocked in addition to the network functionality. For example, port 80 for web traffic and 110/25 ports for SMTP allow access from a specified address, and all other ports and addresses can be closed.

These are simple tutorials written for users of border routers.