How to Secure Your Unifi Installation
During the installation, TM Unifi installation team will install the following equipment:-
■ Fibre Broadband Termination Unit (BTU) or VDSL2 Modem for High-rise office units
■ Wireless Router (D-Link, D-615 with custom firmware) also known as BG
■ DECT Cordless Phone
■ Wireless Router (D-Link, D-615 with custom firmware) also known as BG
■ DECT Cordless Phone
The default Wireless Router setup is not well secured against Internet attacks.
■ The router is not configured to drop ICMP packets, allowing a hacker to ping your unprotected router, telling him it’s alive and connected to the internet.
■ The firewall is disabled.
■ The router may have remote access enabled. The default IP config of 0.0.0.0, will allow anyone, anywhere, to log in to your router web interface). The web interface port number is also set to default.
■ The router’s Administrator password is defaulted to: admin, no password
■ The firewall is disabled.
■ The router may have remote access enabled. The default IP config of 0.0.0.0, will allow anyone, anywhere, to log in to your router web interface). The web interface port number is also set to default.
■ The router’s Administrator password is defaulted to: admin, no password
How to Secure your Network:
Login in to your router’s web interface. Open a web browser, go to http://192.168.0.1 You will be prompted for the username and password.
Step 1. Change your Router’s Administrator password.
■ Go to ‘Maintenance’ tab, under ‘Admin Password’ section. Change your password here.
Step 2. Rename your Wireless Network Name/ SSID.
The default SSID has your requested login name, i.e.: mycompany@unifi. Unauthorised users now know your login id and your ISP.
The default SSID has your requested login name, i.e.: mycompany@unifi. Unauthorised users now know your login id and your ISP.
■ Go to ‘Setup’ tab, click ‘Wireless Setup’ menu on the left.
■ Under ‘Multiple Wireless Network Name (SSIDs) section, click ‘Multiple Wireless Network Name Setup’ button.
■ You will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.
■ Under ‘Multiple Wireless Network Name (SSIDs) section, click ‘Multiple Wireless Network Name Setup’ button.
■ You will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.
Step 3. Disable Remote Access to your router.
■Go to ‘Maintenance’ tab, under ‘Remote Management’ section. Un-check the ‘Enable Remote Management:’ checkbox.
Step 4. Enable the Firewall
■ Go to ‘Advanced’ tab, click ‘Firewall & DMZ’ menu on the left.
■ Under ‘Outside Firewall Setting’ section, check the ‘Enable WAN to LAN Firewall ‘ checkbox.
■ Check all the checkboxes inside the rows of ‘DOS ATTACK’, ‘POST SCAN ATTACK’ and ‘SERVICE FILTER’.
■ To find out what these settings do, feel free to Google each of the checkbox descriptions.
■ Under ‘Outside Firewall Setting’ section, check the ‘Enable WAN to LAN Firewall ‘ checkbox.
■ Check all the checkboxes inside the rows of ‘DOS ATTACK’, ‘POST SCAN ATTACK’ and ‘SERVICE FILTER’.
■ To find out what these settings do, feel free to Google each of the checkbox descriptions.
No comments:
Post a Comment