Ten Ways to Strengthen Router Security

  

Many network administrators have not realized that their routers can be a hot spot for attacks. The router operating system is as vulnerable to hackers as the network operating system. Most SMEs do not hire router engineers, nor do they treat outsourcing this function as a must-have. As a result, network administrators and managers know little about router security and have no time to ensure it. Here are the top ten ways to strengthen router security.

1. Update your router operating system. Just like the network operating system, the router operating system also needs to be updated to correct programming errors, software flaws and buffer overflow issues. Always check with your router vendor for current updates and operating system versions.

2. Change the default password. According to the Computer Emergency Response Team at Carnegie Mellon University, 80% of security incidents are caused by weak or default passwords. Avoid common passwords, and use a mixture of uppercase and lowercase letters as a stronger password rule.

3. Disable HTTP configuration and SNMP (Simple Network Management Protocol). The router's HTTP configuration interface is convenient for a busy network administrator, but it is also a security problem for the router. If your router has a command-line configuration option, disable HTTP and use the command line instead. If you are not using SNMP on your router, there is no need to enable it. Cisco routers have an SNMP security flaw that is vulnerable to GRE tunnel attacks.

4. Block ICMP (Internet Control Message Protocol) ping requests. Ping and other ICMP features are useful tools for network administrators and hackers alike. Hackers can use the ICMP features enabled on your router to discover information that can be used to attack your network.

5. Disable telnet from the Internet. In most cases you do not need an active telnet session on the Internet-facing interface. It is safer to access your router settings from the internal network.

6. Disable IP directed broadcast. IP directed broadcasts allow denial-of-service attacks against your device. A router's memory and CPU cannot withstand too many requests, and the result can be a buffer overflow.

7. Disable IP routing and IP redirection. Redirection allows packets to come in on one interface and go out on another. You don't need to redirect well-designed packets to a dedicated internal network.

8. Packet filtering. Packet filtering passes only the packets that you allow to enter your network. Many companies allow only port 80 (HTTP) and ports 110/25 (email). In addition, you can block or allow IP addresses and ranges.

9. Review security logs. By simply taking some time to review your log files, you will see obvious attacks and even security holes. You will be amazed at how many attacks you have experienced.

10. Disable unnecessary services. Always disable unnecessary services, whether on routers, servers, or workstations. Cisco devices provide some small services by default through the network operating system, such as echo, chargen (character generator protocol), and discard (discard protocol). These services, especially their UDP versions, are rarely used for legitimate purposes, but they can be used to carry out denial-of-service and other attacks. Packet filtering prevents these attacks.
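
A way to check a saved configuration against items 3, 5, 6, 7 and 10, given here as an added example that is not part of the original article. It assumes a Cisco IOS-style running-config; the mapping of each item to the commands `ip http server`, `snmp-server community`, `transport input`, `ip directed-broadcast`, `ip redirects` and `service tcp-small-servers` / `service udp-small-servers` is this example's assumption, and the sample configuration is constructed.

```python
import re

# Constructed sample of a Cisco IOS-style running-config (not from a real device).
SAMPLE_CONFIG = """\
service udp-small-servers
no service tcp-small-servers
ip http server
snmp-server community public RO
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
line vty 0 4
 transport input telnet ssh
"""

# (article item, regex for a risky line, description); a leading "no " never matches.
PRESENT = [
    (3, r"ip http server$", "HTTP management enabled"),
    (3, r"snmp-server community\b", "SNMP community configured"),
    (5, r"transport input .*\b(telnet|all)\b", "Telnet accepted on vty"),
    (6, r"ip directed-broadcast\b", "directed broadcast enabled"),
    (10, r"service (tcp|udp)-small-servers$", "small services enabled"),
]

def audit(config):
    """Return sorted (item, section, description) findings for an IOS-style config."""
    findings, section, sections = [], "global", {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # unindented line: global command or new section
            section = line if re.match(r"(interface|line) ", line) else "global"
        sections.setdefault(section, []).append(line)
        for item, pattern, desc in PRESENT:
            if re.match(pattern, line):
                findings.append((item, section, desc))
    # Assumption: ICMP redirects are on by default, so only "no ip redirects" is visible.
    for name, lines in sections.items():
        if name.startswith("interface ") and "no ip redirects" not in lines:
            findings.append((7, name, "ICMP redirects not disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for item, section, desc in audit(SAMPLE_CONFIG):
        print(f"item {item}: {section}: {desc}")
```

Settings that are off by default and absent from the file are not reported, so the result reflects only what the saved configuration states explicitly, plus the redirect default noted in the comment.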
