Vswitch Security Settings zero-Distance Access

The vswitch security settings are zero-distance, which means no vswitch and vro security settings are recommended for attacks. The framework of this article is as follows: Set a secure password, disable the Ping command test, and disable the virtual server.

For most local networks, switches and routers have become one of the most widely used network devices. In the eyes of many administrators, vswitches and vrouters are just a hardware device that shares Internet access. If their vswitch security settings are neglected, the entire LAN may be an open door, however, after the following settings, the door will become a secure wall.

Set a Secure Password

Generally, the vro logon password is a string that is easy to guess, such as admin, 888888, and 666666. Some vrouters will prompt in plaintext form on the logon interface, some vrouters even need to set the password manually. Otherwise, you can click the "Log on" button to set the vro. Therefore, you must set a secure password before putting the vswitch or vro into use.

For example, if you need to change the password for the Alpha V8 router, you can log on to the router in IE, and click the "Basic Settings> Change Password" link in sequence. Then, enter the old password first, enter a new password that is exactly the same twice. After confirmation, You can reset the password.

However, when setting a password, make sure that the password length is more than 8 characters, do not use your name, birthday, phone number, or other string that is easily guessed by others as a password. It is best to use uppercase and lowercase letters and numbers.

A string composed of special characters is used as a password, which not only prevents others from guessing the password at will, but also takes a long time to crack the password by using special software, therefore, the LAN risks caused by weak vswitches and vrouters are reduced to the lowest point.

Disable Ping command Test

After the vro is configured for security, the vswitch performs whatever it does, even for attack commands from external networks. Before a hacker performs an attack, he must use the Ping command to identify the currently used computer. Therefore, the Ping command is usually used for large-scale reconnaissance activities before a coordinated attack.

By canceling the response capability of remote users to receive Ping requests, it is easier to avoid scanning activities that are unattended or to defend against targets that are prone to attacks. After the target computer is obtained through Ping, hackers can perform various attacks.

For example, a Smurf attack is a Denial-of-Service attack in which an attacker uses a fake source address to send an "ICMPecho" request to the router, this requires all hosts to respond to this broadcast request. Although this attack does not directly damage the normal operation of the network, it will reduce the network performance.

In the Alpha router Management window, click the "Switch Security Settings> miscellaneous" link, and select the "enable" check box at the end of "WAN port Ping packet filtering. After this configuration, all Ping requests sent from the External Internet will be automatically filtered, enhancing the security of routers and computers in the LAN.

Disable a virtual server

Almost all vswitches and routers provide the functions of virtual servers, allowing External Internet users to access WWW, FTP, and other services deployed on other computers in the internal LAN. Although vswitch Security Settings provide many conveniences for setting up servers on the internal LAN, they bring security risks to the LAN.