【 Weak current College 】 quickly enhance router security ten tips

Many network administrators have not realized their router can be attacked, router operating system and network operating systems vulnerable to hackers. Most SMEs do not have employment router engineer nor the functionality as a must to do outsourcing. Therefore, network administrators and managers are not aware or did not have time to guarantee the safety of the router. The following is the guarantee of ten router security basic skills.

1. update your router operating system: just like the network operating system, router operating system also needs to be updated,
In order to correct programming errors, software flaws and cache overflow problem. Always contact your router manufacturer for updates and query the current version of the operating system.

2. modify the default password: according to Carnegie Mellon University computer emergency response team that 80% of security incidents are due to weak or default passwords. Avoid using common passwords and the use of uppercase and lowercase letters, a mixed approach as a more powerful password rules.

3. disable HTTP settings and SNMP (simple network management protocol): your routers HTTP Setup section for a busy network administrator who is very easy to Setup. However, this router is also a security issue. If your router has a command line Setup, disable HTTP methods and how to use this setting. If you are not using your SNMP on the router, then you do not need to enable this feature. Cisco router exists a vulnerable to GRE tunnel attack of SNMP security vulnerabilities.

4. block ICMP (Internet Control Message Protocol) ping request: ICMP ping and other features for network administrators and hackers are very useful tools. A hacker to use your router enable ICMP function find out you can use to attack your network.

5. disable from Internet telnet command: in most cases, you do not need to come from the Internet interface of the active Telnet session. If the internal access your router settings safer.

6. disable IP directed broadcasts: to allow IP-directed broadcasts on your devices to denial of service attacks. One router memory and CPU to bear too many requests. This can cause buffer overflows.

7. disable IP routing and IP redirection: redirection allows packets from one interface to come in and go out from another interface. You don't need to be crafted packet redirection to a private internal network.

8. packet filtering: packet filtering only pass you allow into your network, the packets. Many companies are only allowed to use port 80 (HTTP) and 110/25 port (e-mail). In addition, you can block and allow the IP address or range.

9. review of the safety record: by simply using some time to review your record file, you will see the obvious attacks, and even security vulnerabilities. You will experience so much of a surprise attack.

10. unnecessary services: always disable unnecessary services, both routers, servers and workstations of unnecessary services are disabled. Cisco devices via a network operating system by default provides a number of small services such as echo (ECHO), chargen (character generator Protocol) and discard (discard Protocol). These services, in particular their UDP services, rarely used for legitimate purposes. However, these services can be used to implement a denial of service attacks and other attacks. Packet filtering can prevent these attacks.