Many network Management Members did not realize that their router can become a hot attack. Router operating system as with the network operating system vulnerable to hackers. Most SMEs do not employ routers engineers did not consider this feature as a must do outsource. Therefore, network administrators and managers who do not quite understand the there is no time to guarantee the security of the router. Here is the router to ensure the safety of the 10 basic skills.
1, update your router operating system. The same as network operating system, the router operating system also needs to be updated in order to correct programming errors, software defects, and buffer overflow problems. Always check to your router manufacturer and operating system updates the current version.
2, modify the default password. According to Carnegie Mellon University's computer emergency response team, said 80% of security incidents are caused by weak or default passwords caused. Avoid using common passwords, and use mixed case letters as a more powerful way to password rules.
3, disable the HTTP settings, and SNMP (Simple Network Management Protocol). Set your router's HTTP part of the network administrator for a busy is very easy to set. But, this router is also a security issue. If your router has a command-line settings, disable the HTTP method and use this set up. If you do not use your router's SNMP, then you do not enable this feature. There is a Cisco router vulnerable to SNMP attacks GRE tunnel vulnerabilities.
4, blocking ICMP (Internet Control Message Protocol) ping requests. ping and other ICMP functions for network administrators and hackers are a very useful tool. Hackers can use your router to enable the ICMP features identified can be used to attack your network information.
5, disable the telnet command from the Internet. In most cases, you do not need Internet access the initiative from the telnet session. If you access your router from the internal settings safer.
6, disable IP directed broadcasts. IP directed broadcast equipment to allow you to implement a denial of service attacks. A router's memory and CPU unbearable too many requests. Such a result would lead to buffer overflows.
7, disable IP routing and IP re-orientation. Re-directed to allow incoming packets from an interface from another interface, then go out. You do not need to elaborate the data packet to be redirected to the private internal network.
8, packet filtering: packet filter to allow access only to pass on your kind of your network packets. Many companies only allow the use of port 80 (HTTP) and 110/25 port ( Electronic E-mail). In addition, you can block and allow the IP address and scope.
9, review the safety record. By simply using some time to review your records File You will see obvious attack, and even security vulnerabilities. You will you experience so many surprise attacks.
10, unnecessary services. Always disable unnecessary services, both routers, servers and workstations have to disable unnecessary services. Cisco equipment provided through the network operating system default of some small service, such as echo (echo), chargen (character generator protocol) and discard (discard protocol). These services, especially their UDP services, rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering can prevent these attacks.
access point vs router
Niciun comentariu:
Trimiteți un comentariu