Now we are getting more and more people to access wireless networks in our lives, and they are favored by users with no need for wiring. At the same time, we also know that, A wireless router is usually used to build a wireless network. A wireless router plays such a role in daily life. For example, it can be connected to an external network through a WAN port, the LAN port provides an Internet connection to the LAN wired device. The wireless router also integrates the Wireless AP function to provide access to the wireless client ...... On the whole, this is an indispensable device, but in the process of use, wireless routers will also bring some troubles to everyone, that is, non-fast customers from the outside world, they attack or intrude into the network of users' wireless routers to achieve some ulterior motives. Obviously, this is not a pleasant thing, so we want to know, why are the most common types of attacks that wireless routers encounter and what should they do to keep themselves away from danger?
If you ask why a wireless router is attacked, start with an IP address. If a computer is a telephone phone, the IP address is equivalent to a telephone number. The IP addresses are divided into public and private addresses, most IP addresses are on the public network, but some IP addresses are reserved for internal networks only. That is to say, anyone can use it on their LAN and can only use it for internal IP addresses. These specific IP addresses are not allowed on the Internet. However, when a router is used for communication over the Internet, it also uses a different IP address, that is, a public IP address. The Administrator of the router cannot control the public IP address. It is provided by the ISP that connects the router to the Internet.
In this way, the public IP Address can only be found by computers on the Internet, and the private IP Address can only be seen by computers on the LAN, so as to build a barrier, otherwise, hackers may log on to the vro, endangering the entire LAN device.
Now that we know that our routers are prone to attacks, how should we defend against them? The following suggestions are provided:
Update the vro operating system in a timely manner: Like a network operating system, the vro operating system also needs to be updated to correct programming errors, software flaws, and cache overflow problems. Always query the current update and operating system version from your vro manufacturer.
Modify the default password: According to the Computer Emergency Response Team at Carnegie Mellon University, 80% of security events are caused by weak or default passwords. Avoid using common passwords, and use a mix of uppercase and lowercase letters as stronger password rules.
Disable HTTP settings and SNMP (Simple Network Management Protocol): the HTTP settings of your router are easy to set for a busy network administrator. However, this is also a security problem for vrouters. If your vro has a command line setting, disable HTTP and use this setting method. If you are not using SNMP on your vro, you do not need to enable this function. A Cisco router has an SNMP security vulnerability that is vulnerable to GRE tunnel attacks.
Blocking ICMP (Internet Control Message Protocol) ping requests: ping and other ICMP functions are very useful tools for network administrators and hackers. Hackers can use the ICMP feature enabled on your vro to find information that can be used to attack your network.
Disable telnet commands from the Internet: In most cases, you do not need an active telnet session from an Internet interface. If you access your vro from the inside, the configuration will be safer.
Disable IP-targeted broadcast: IP-targeted broadcast allows denial-of-service attacks on your devices. The memory and CPU of A vro cannot withstand too many requests. This result may cause cache overflow.
Disable IP routing and IP redirection: retargeting allows data packets to come in from one interface and then exit from another interface. You do not need to redirect specially designed data packets to a dedicated internal network.
Packet Filtering: packet filtering only transmits the data packets that you allow to access your network. Many companies only allow port 80 (HTTP) and Port 110/25 (email ). In addition, you can block and allow IP addresses and ranges.
Disable unnecessary services: disable unnecessary services on routers, servers, and workstations. Cisco devices provide small services by default through network operating systems, such as echo, chargen and discard ). These services, especially their UDP services, are rarely used for legal purposes. However, these services can be used to launch denial-of-service attacks and other attacks. Packet filtering can prevent these attacks