Common sense for router network security

2018-02-02 16:07:19

For ordinary users: keep the router's firmware updated to the latest version. Most home routers cannot do what enterprise routers do, that is, set up VLANs and multiple subnets isolated with ACLs, but wireless users should at least turn on AP isolation. Use AES for wireless encryption wherever possible, with a complex password of at least eight characters. Turn off the router's remote management function, change the default user name and password for the router's management page, and change the default port 80. Turn on the SPI firewall, enable the option that refuses ICMP-based PING probes from the WAN port, and turn off the UPnP service!

XP users in particular should take care to shut down the SSDP service. Do not visit pornographic sites. Do not use an old browser version to access the Internet: upgrade your browser to the latest version, or use Google Chrome. Do not use third-party software such as 360 to upgrade your operating system; use Windows Update to install system patches. Check the hosts file regularly to make sure it has not been modified to cause DNS spoofing.

Enterprise users should divide the network strictly into VLANs, so that Layer 2 and Layer 3 are completely isolated, and, where conditions permit, use subnet masks as well. Internal servers should run Linux where possible and open only the ports that are needed, with all remaining ports closed off by ACLs. Where possible, use a NAS private cloud as the internal file-sharing server, and use network printers; do not use PCs for printer sharing and file sharing. Do everything possible to reduce unnecessary file sharing and printer sharing within the network. Reduce the use of USB flash drives, and never allow external USB flash drives or removable hard disks to be used on servers. This effectively curbs the spread of viruses on the intranet: even if one computer on the network is infected, the whole network will not be infected and paralyzed. Servers should not use a public IP and sit directly exposed on the public network; use port mapping on the gateway sensibly and map only the required ports to the public network.

If a server is not a public-facing server but must be reached over the public network, use SSL VPN + ACL. For example, if the connection only needs to reach port 80 on the server, allow this VPN connection to reach only port 80 on the specified server and no other port. Isolate the VPN: it must not be allowed to access any unrelated internal network resources, so that it is truly private. Then, even if the VPN password is leaked or cracked, the attacker cannot do anything that seriously damages your network, and the loss is kept to a minimum. Change the default SQL Server SA user name and any weak passwords, and apply the necessary address-based access restrictions. Windows brings us convenience, but it is also a flawed system, so make sensible use of network security technology to improve its reliability.
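The SSL VPN + ACL advice above, as an added example that is not part of the original article: a small first-match ACL evaluator that compares a permit-everything VPN rule set with one that permits only port 80 on one server, and lists what a leaked VPN password could reach in each case. The rule format, addresses, host list and port list are all constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # TCP destination port; None matches any port

def evaluate(acl, src_ip, dst_ip, port):
    """First matching rule wins; traffic that matches no rule is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in acl:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action == "permit"
    return False

def reachable(acl, src_ip, hosts, ports):
    """Every (host, port) a client at src_ip may open: the exposure if
    that client's VPN password is leaked."""
    return sorted((h, p) for h in hosts for p in ports
                  if evaluate(acl, src_ip, h, p))

# Constructed sample network (assumed addresses, not from the article).
VPN_POOL = "10.8.0.0/24"
WEB = "192.168.10.5"
HOSTS = [WEB, "192.168.10.6", "192.168.20.9"]  # web, SQL Server, file server
PORTS = [22, 80, 445, 1433, 3389]

# Weak: the VPN pool may reach the whole internal range on any port.
WEAK_ACL = [Rule("permit", VPN_POOL, "192.168.0.0/16", None)]

# Strict: the VPN pool may reach port 80 on the one server, nothing else.
STRICT_ACL = [
    Rule("permit", VPN_POOL, WEB + "/32", 80),
    Rule("deny", VPN_POOL, "0.0.0.0/0", None),
]

if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("strict", STRICT_ACL)):
        exposed = reachable(acl, "10.8.0.23", HOSTS, PORTS)
        print(f"{name}: {len(exposed)} reachable (host, port) pairs")
        for host, port in exposed:
            print(f"  {host}:{port}")
```

Running the same check against an exported copy of a real gateway's rules shows at a glance whether the VPN segment can reach anything beyond the one service it exists for.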

