Worlding, 2017-04-15 21:23:40

How to protect a home router (ASUS, ZyXEL) from hacking?

Not from the special services, but from Chinese and other hackers :)
Situation:
I set up access on the router (ZyXEL Keenetic II, ASUS RT-N12):
1. To the web interface via the Internet
2. VPN PPTP
3. Forwarded the RDP port to the computer.
Now I am wondering what vulnerabilities there may be here and how to protect myself from hacks.
What I want to protect:
1. The admin panel from password brute-forcing. Some kind of fail2ban or captcha cannot be set up. So the only option is to close access from the outside, right?
2. The Windows computer with RDP. Is a complex password enough there, or is it necessary to add fail2ban there, or are there no options here either?
3. The VPN server. Leave the one on the router? On the router there is just a login and password (no fail2ban) - can there be risks from password brute-forcing here? Or is it necessary to set up another VPN inside the network and forward the port to it?
Solution:
1. On the router, close services from the outside as much as possible.
2. Set up an IPsec VPN on the router (PPTP is weakly protected) or set it up behind the router.

Dmitry, 2017-04-15
@Worlding

No way, you are not going to rewrite the firmware. Make the password more complex, and disable / close all services from the outside. Install the latest firmware.
Ideally, if the router supports SSH and port forwarding through it, leave only that open, put it on a non-standard port, and set a more complex password, or better yet a key. And reach the other services through SSH forwarding.

sir_Maverick, 2017-04-16
@sir_Maverick

And be sure to turn off WPS.

CityCat4, 2017-04-16
@CityCat4

1. Change the admin password to a long one using the largest possible character set.
2. If it is possible to rename the admin account, rename it.
3. Do not give access to the web interface from outside at all, or give it to only one IP.
4. PPTP is broken, long ago and reliably. Protecting yourself with it is like a Chinese "iron" door.
5. Move RDP to another port, and allow access by IP.
And best of all, if possible, switch to OpenWrt :)

fatalick, 2017-04-16
@fatalick

After you set it up, scan the system with www.tenable.com/products/nessus/nessus-professiona... It will show open ports, which services are visible from the outside, and well-known vulnerabilities.
Of course, it is impossible to give a 100% guarantee that everything is OK, but glaring holes in the defense will be visible.
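
A small self-audit for the services named in this thread, as an added example that is not part of the original answer and is not a replacement for Nessus: it checks from outside which of those ports accept a TCP connection and flags any that are not on your allowed list. The port numbers are the protocol defaults (an assumption; add your own non-standard ports), and only TCP is tested, so an IPsec VPN (UDP) is not covered.

```python
import socket

# Services named in this thread, with their default TCP ports (assumption:
# defaults; a service moved to a non-standard port must be added by hand).
THREAD_SERVICES = {
    22: "SSH",
    80: "router web interface (HTTP)",
    443: "router web interface (HTTPS)",
    1723: "PPTP VPN control channel",
    3389: "RDP",
}

def tcp_port_open(host, port, timeout=2.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def audit(host, allowed=(), services=THREAD_SERVICES, timeout=2.0):
    """Probe each service port; mark ports that are open but not in `allowed`."""
    findings = []
    for port, name in sorted(services.items()):
        is_open = tcp_port_open(host, port, timeout)
        findings.append({"port": port, "service": name, "open": is_open,
                         "unexpected": is_open and port not in allowed})
    return findings

def unexpected_ports(findings):
    """Ports that answered although they were not meant to be exposed."""
    return [f["port"] for f in findings if f["unexpected"]]

if __name__ == "__main__":
    import sys
    # Usage: python audit.py <your WAN address> [allowed ports...]
    # Run it from outside the LAN (e.g. a phone hotspot) against your own WAN address.
    host = sys.argv[1]
    allowed = {int(p) for p in sys.argv[2:]}
    for f in audit(host, allowed):
        state = "OPEN" if f["open"] else "closed/filtered"
        flag = "  <-- not in allowed list" if f["unexpected"] else ""
        print(f"{f['port']:>5}  {f['service']:<30} {state}{flag}")
```

A run from inside the LAN says nothing about what the Internet sees, because the router usually treats LAN and WAN traffic differently.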

Dmitry, 2017-04-15
@plin2s

It is not clear: what exactly do you want to protect against hacking?
Do not give access to the router's web interface from external networks, and set a long password. If you can change the administrator username, you should do that as well.
Do not open ports to the outside; use a VPN server to access the local network.
Disable UPnP.
Update the firmware if updates are still being released.

Sergey, 2017-04-16
@edinorog

2. VPN PPTP

... be sure to protect ... you believe in it! ... and the NSA and FSB are giving up .... *sarcasm*
