Answer the question
In order to leave comments, you need to log in
How to protect a home router (asus, zyxel) from hacking?
Not from special services, from China and so on. hackers :)
Situation:
I set up access on the router (zyxel keenetic II, asus rt-n12)
1. To the webmorde via the Internet
2. VPN PPTP
3. Threw the RDP port on the computer.
Now I think what vulnerabilities can be here and how to protect yourself from hacks?
What I want to protect:
1. Admin panel from brute-force passwords. Some kind of failtoban or captcha can not be set. It turns out only to close access from the outside, right?
2. Windows computer with RDP. Is a complex password enough there, or is it necessary to screw failtoban there, or are there no options here either?
3. VPN server. Leave the one on the router? On the router, just a login password (no failtoban) - can there be risks from brute force passwords here? Or is it necessary to raise another VPN inside the network and forward the port to it?
Solution:
1. On the router, close services from the outside to the maximum.
2. Raise IPSecVPN on the router (PPTP is weakly protected) or raise it behind the router.
Answer the question
In order to leave comments, you need to log in
No way, you do not rewrite the firmware. The password is more complicated, cut down / close all services from the outside. Install the latest firmware.
Ideally, if the router supports ssh and port forwarding through it, then leave only it, hang it on a non-standard port, set a more complicated password, or better a key. And knock on other services through ssh forwarding.
1. Change the admin password to a long one on the maximum possible set.
2. If it is possible to rename the admin - rename.
3. Do not give access to the webmord outside at all or give only one IP
4. PPTP is broken. For a long time, it's safe. They defend themselves - this is like a Chinese "iron" door.
5. Transfer RDP to another port, distribute via IP.
And best of all, if possible, change to OpenWRT :)
After you set it up, scan the system
www.tenable.com/products/nessus/nessus-professiona... It will
show open ports, what services are visible from the outside, well-known vulnerabilities.
Of course, it is impossible to give a 100% guarantee that everything is OK, but frank jambs in the defense will be visible.
It is not clear what exactly you want to protect against hacking?
Do not give access to the "face" of the router from external networks and set a long password. If you can change the administrator username, then you should do the same.
Do not open ports to the outside, use a vpn server to access the local network.
Disable upnp.
Update the firmware if updates are still being released.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question