Security Protection Router Anti-Hacker Attack

The operating system provides some small services by default, such as echo (echo), gen (character generator protocol) and discard (discard protocol). These services, especially their UDP services, are rarely used for legitimate purposes. However, these services can be used to implement denial of service attacks and other attacks. Packet filtering prevents these attacks. 1. Update your router operating system: Just like the network operating system, the router operating system also needs to be updated to correct programming errors, software flaws and buffer overflows. Always check with your router vendor for current updates and operating system versions. 2. Modify the default password: According to the Computer Emergency Response Team at Carnegie Mellon University, 80% of security incidents are caused by weaker or default passwords. Avoid using normal passwords and use a mixture of uppercase and lowercase letters as a more powerful password rule. 3. Disable HTTP settings and SNMP (Simple Network Management Protocol): The HTTP settings section of your router is easy to set up for a busy network administrator. However, this is also a security issue for routers. If your router has a command line setting, disable HTTP mode and use this setting. If you are not using SNMP on your router, then you do not need to enable this feature. Cisco routers have an SNMP vulnerability that is vulnerable to GRE tunnel attacks. 4. Block ICMP (Internet Control Message Protocol) ping requests: ping and other ICMP functions are very useful tools for network administrators and hackers. Hackers can use the ICMP features enabled on your router to find out what information can be used to attack your network. 5. Disable telnet commands from the Internet: In most cases, you don't need an active telnet session from the Internet interface. It would be safer to access your router settings internally. 6. Disable IP directed broadcast: IP directed broadcasts allow denial of service attacks on your device. The memory and CPU of a router are difficult to withstand too many requests. This result can cause a buffer overflow. 7. Disable IP Routing and IP Redirection: Redirection allows packets to come in from one interface and then out from the other. You don't need to redirect well-designed packets to a dedicated internal network. 8. Packet Filtering: Packet filtering only passes the kind of packets that you are allowed to enter your network. Many companies only allow port 80 (HTTP) and port 110/25 (email). In addition, you can block and allow IP addresses and ranges. 9. Review security records: By simply taking advantage of some time to review your log files, you will see obvious attacks and even security holes. You will be amazed at how many attacks you have experienced. 10. Unnecessary Service: Always disable unnecessary services, regardless of unnecessary services on routers, servers, and workstations. Cisco's devices go through the network Many network administrators have not realized that their routers can be a hot spot for attacks. The router operating system is as vulnerable to hackers as the network operating system. Most SMEs do not hire router engineers, nor do they outsource this functionality as a must-have. Therefore, network administrators and managers do not know much about it and have no time to guarantee the security of the router. Here are ten basic tips for securing your router.