Users need to know the basics of router security configuration. I have studied specific methods of router security configuration and share them here in the hope that they will be useful to you. For most enterprise LANs, the router has become one of the most important security devices in use.
Generally, most networks have a primary access point. This is the "virtual border router", which is usually used together with a dedicated firewall. After proper configuration, the edge router can keep almost all of even the most stubborn bad actors out of the network. If you want, the router security configuration can also allow good people to access the network. However, a router without proper configuration is better than no security measures at all. In the following guide, we will look at several convenient steps you can take to protect your network. These steps ensure that you have a brick wall protecting your network, rather than an open door.
1. Modify the default password
According to foreign surveys, 80% of security breaches are caused by weak passwords. The Internet has extensive lists of default passwords for most routers. You can be sure that someone, somewhere, will know your birthday. The SecurityStats.com website maintains a detailed list of passwords that should and should not be used, as well as a password reliability test.
2. Disable IP Direct Broadcast (IP Directed Broadcast)
Your server is very obedient: it does whatever it is told, no matter who sends the command. A Smurf attack is a DoS attack in which the attacker uses a forged source address to send an "ICMP echo" request to your network's broadcast address, which requires every host to respond to the broadcast request. At the very least, this will reduce your network performance. Refer to your router's configuration documentation to learn how to disable IP directed broadcast. For example, on a Cisco router the command "Central(config-if)# no ip directed-broadcast", entered in interface configuration mode, disables IP directed broadcast on that interface.
3. If possible, disable the router's HTTP configuration settings
As described in Cisco's technical documentation, the identity authentication protocol used by HTTP is equivalent to sending an unencrypted password to the entire network. Unfortunately, the HTTP protocol has no effective provision for verifying passwords or one-time passwords.
Although this unencrypted password may be very convenient for configuring your router from a remote location (such as from home), anyone else can do whatever you can do, especially if you are still using the default password! If you must manage the router remotely, make sure to use SNMPv3 or a later version of the protocol, because it supports stricter passwords.
4. Block ICMP ping requests
The main purpose of ping is to identify hosts that are currently in use. Therefore, ping is commonly used for reconnaissance before large-scale coordinated attacks. By removing a remote user's ability to get a reply to ping requests, you can more easily avoid unwanted scanning activity or defend against "script kiddies" who are looking for targets that are vulnerable to attack.
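The following is an added example, not part of the original article: a small Python audit that checks a Cisco IOS-style running configuration against steps 1 to 4 above. The sample configuration, the short default-password list and the function name audit are assumptions made for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the article).
SAMPLE_CONFIG = """\
hostname Central
enable password cisco
ip http server
interface FastEthernet0/0
 ip access-group 101 in
 ip directed-broadcast
interface FastEthernet0/1
 ip access-group 102 in
access-list 101 permit tcp any any established
access-list 102 deny icmp any any echo
line vty 0 4
 password admin
"""

# Illustrative list only; a real audit would use the vendor's documented defaults.
DEFAULT_PASSWORDS = {"cisco", "admin", "password"}

def audit(config):
    """Return findings for steps 1-4 of the guide, in the order encountered."""
    findings, inbound_acl, echo_denied, iface = [], {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # a top-level line ends any sub-mode
            iface = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
            inbound_acl[iface] = None
        elif m := re.match(r"(?:enable )?password (\S+)$", line):
            if m.group(1).lower() in DEFAULT_PASSWORDS:
                # Report the command only, never echo the password itself.
                findings.append(f"step 1: default password set by '{line.rsplit(' ', 1)[0]}'")
        elif line == "ip directed-broadcast" and iface:
            findings.append(f"step 2: directed broadcast enabled on {iface}")
        elif line == "ip http server":
            findings.append("step 3: HTTP management server enabled")
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            inbound_acl[iface] = m.group(1)
        elif m := re.match(r"access-list (\d+) deny icmp any any(?: echo)?$", line):
            echo_denied.add(m.group(1))
    # Step 4 is simplified: it checks that the inbound ACL has a deny for ICMP echo,
    # but does not evaluate rule order inside the ACL.
    for name, acl in inbound_acl.items():
        if acl not in echo_denied:
            findings.append(f"step 4: no inbound ICMP echo deny on {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Step 4 findings are listed per interface; which interfaces face remote users is left for the operator to decide.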