Network essentials tutorial: how to set up a network that keeps thieves out

  

It is true that thieves are hard to guard against, in the online world as much as in real life. With proper setup, a router can keep almost all of even the most stubborn bad guys out of your network, while still letting good people in if you wish. However, a router that is not properly configured is only slightly better than no security at all.

In the following guide, System Home examines the nine convenient steps you can take to secure your network. These steps will ensure that you have a brick wall protecting your network, not an open door.

1. Establish an address filtering policy for inbound and outbound traffic

Establish policies on your border router that filter out security violations entering and leaving the network based on IP addresses. Except in special and unusual cases, every IP address that attempts to access the Internet from within your network should be an address assigned to your LAN. For example, the address 192.168.0.1 may legitimately access the Internet through this router. However, the address 216.239.55.99 is likely to be spoofed and part of an attack.

Conversely, the source address of traffic arriving from the Internet should not be part of your internal network. Therefore, addresses such as 192.168.X.X, 172.16.X.X, and 10.X.X.X should be blocked.

Finally, traffic whose source or destination address is reserved or unroutable should not be allowed through this router. This includes the loopback address 127.0.0.1 and the class E address segment 240.0.0.0-254.255.255.255.
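The three rules of step 1, written as a small Python check (an added example, not part of the original tutorial). The LAN prefix 192.168.0.0/24, the function name `filter_packet` and the sample peer addresses are assumptions; reserved and unroutable addresses are dropped in both directions.

```python
import ipaddress

# Assumption: the LAN behind the border router is 192.168.0.0/24.
LAN = ipaddress.ip_network("192.168.0.0/24")
# Private ranges named in the text (172.16.X.X is taken as the full 172.16.0.0/12).
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Reserved/unroutable ranges named in the text: loopback and class E
# (240.0.0.0/4 also covers 255.x.x.x).
RESERVED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "240.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(direction, src, dst):
    """Return (verdict, reason) for a packet crossing the border router.

    direction is "out" (LAN to Internet) or "in" (Internet to LAN).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(s, RESERVED) or _in_any(d, RESERVED):
        return "deny", "reserved or unroutable address"
    if direction == "out":
        if s not in LAN:
            return "deny", "outbound source is not a LAN address"
        return "permit", "outbound from a LAN address"
    if _in_any(s, PRIVATE):
        return "deny", "inbound source claims an internal address"
    return "permit", "inbound from a public address"


# Constructed sample traffic; 203.0.113.10 and 198.51.100.20 are documentation addresses.
SAMPLES = [
    ("out", "192.168.0.1", "203.0.113.10"),
    ("out", "216.239.55.99", "203.0.113.10"),
    ("in", "10.1.2.3", "198.51.100.20"),
    ("in", "127.0.0.1", "198.51.100.20"),
    ("in", "203.0.113.10", "198.51.100.20"),
]

if __name__ == "__main__":
    for direction, src, dst in SAMPLES:
        verdict, reason = filter_packet(direction, src, dst)
        print(f"{direction:3} {src:15} -> {dst:15} {verdict:6} ({reason})")
```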

2. Modify the default password!

According to foreign surveys, 80% of security breaches are caused by weak passwords. Extensive lists of default passwords for most routers are available on the Internet. You can be sure that someone somewhere will know your birthday. The SecurityStats.com website maintains a comprehensive list of acceptable and unacceptable passwords, as well as a password reliability test.

3. Turn off IP Directed Broadcast

Your server is very obedient. It will do what it is told, no matter who gives the order. A Smurf attack is a denial-of-service attack. In this type of attack, an attacker sends an "ICMP echo" request to your network broadcast address using a spoofed source address. This requires all hosts to respond to the broadcast request. At the very least, this will reduce your network performance.

Refer to your router's documentation to learn how to turn off IP directed broadcast. For example, on a Cisco router the interface configuration command "Central(config-if)#no ip directed-broadcast" turns off IP directed broadcast on that interface.

4. Determine your packet filtering needs

There are two approaches to blocking ports. Which one is appropriate for your network depends on the level of security you need.

For highly secure networks, especially those storing or maintaining secret data, the usual choice is to filter by permit. Under this scheme, all ports and IP addresses are blocked except those needed for network functions. For example, port 80 for web traffic and ports 110/25 for e-mail (POP3/SMTP) are allowed from specified addresses, while all other ports and addresses are closed.

Most networks will enjoy an acceptable level of security by using the "filter by reject" option. With this filtering policy, you block the ports that your network does not use and the ports commonly used by Trojan horses or reconnaissance activities. For example, blocking ports 139 and 445 (TCP and UDP) will make it harder for hackers to perform an exhaustive attack on your network. Blocking port 31337 (TCP and UDP) will make it harder for the Back Orifice Trojan to attack your network.

This decision should be made during the network planning phase, when the required level of security is matched to the needs of the network's users. Consult a port list to see what these ports are normally used for.
