Ten Tips for quickly enhancing vro security and ten tips for vrouters

Source: Internet
Author: User
Tags snmp

Ten Tips for quickly enhancing vro security and ten tips for vrouters
If it weren't for Cisco's latest Security Warning, many network administrators have not yet realized that their routers can become the hotspot of attacks. The vro operating system is as vulnerable to hacker attacks as the network operating system. Most small and medium-sized enterprises do not employ router engineers and do not outsource this function as a required task. Therefore, network administrators and managers do not know much about or have time to ensure the security of routers. The following are ten basic techniques to ensure vro security.

1. Update your vro Operating System: Like a network operating system, the vro operating system also needs to be updated to correct programming errors, software flaws, and cache overflow problems. Always query the current update and operating system version from your vro manufacturer.

2. Modify the default password: According to the Computer Emergency Response Team of Carnegie Mellon University, 80% of security events are caused by weak or default passwords. Avoid using common passwords, and use a mix of uppercase and lowercase letters as stronger password rules.

3. Disable HTTP settings and SNMP (Simple Network Management Protocol): the HTTP settings of your vro are easy for a busy network administrator. However, this is also a security problem for vrouters. If your vro has a command line setting, disable HTTP and use this setting method. If you are not using SNMP on your vro, you do not need to enable this function. A Cisco router has an SNMP security vulnerability that is vulnerable to GRE tunnel attacks.

4. Blocking ICMP (Internet Control Message Protocol) ping requests: ping and other ICMP functions are very useful tools for network administrators and hackers. Hackers can use the ICMP feature enabled on your vro to find information that can be used to attack your network.

5. Disable telnet commands from the Internet: In most cases, you do not need active telnet sessions from Internet interfaces. If you access your vro from the inside, the configuration will be safer.

6. Disable IP-targeted broadcast: IP-targeted broadcast allows you to launch denial-of-service attacks on your devices. The memory and CPU of A vro cannot withstand too many requests. This result may cause cache overflow.

7. Disable IP routing and IP redirection: retargeting allows data packets to come in from one interface and then exit from another interface. You do not need to redirect specially designed data packets to a dedicated internal network.

8. packet filtering: packet filtering only transmits the data packets that you are allowed to access your network. Many companies only allow port 80 (HTTP) and Port 110/25 (email ). In addition, you can block and allow IP addresses and ranges.

9. Review security records: by simply taking some time to review your record files, you will see significant attack methods and even security vulnerabilities. You will be surprised when you have experienced so many attacks.

10. Unnecessary Services: Never disable unnecessary services, whether on routers, servers, or workstation. Cisco devices provide small services by default through network operating systems, such as echo, chargen and discard ). These services, especially their UDP services, are rarely used for legal purposes. However, these services can be used to launch denial-of-service attacks and other attacks. Packet filtering can prevent these attacks

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.