 |
|
Home > Disable HTTP configuration for the router, if possible |
|
|
|
Disable HTTP configuration for the router, if possible |
|
| 29 Jan 2007 | SearchNetworking.com |
|
|
As outlined in a Cisco Tech Note, "The authentication protocol used for HTTP is equivalent to sending a cleartext password across the network, and, unfortunately, there is no effective provision in HTTP for challenge-based or one-time passwords."
Although it may be convenient to configure your router from a remote location (from home for example), the fact that you can do it means that anyone else can as well. Especially if you're still using the default password! If you must remotely manage the router, make sure that you are using SNMPv3 or greater, as it supports hashed passwords.
Fortifying router security
 Introduction
Step 1: Change the default password!
Step 2: Disable IP directed broadcasts
 Step 3: Disable HTTP configuration for the router, if possible
Step 4: Block ICMP ping requests
Step 5: Disable IP source routing
Step 6: Determine your packet filtering needs
Step 7: Establish Ingress and Egress address filtering policies
Step 8: Maintain physical security of the router
Step 9: Take the time to review the security logs
About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.
This tip originally appeared on SearchNetworking.com.
|
|
|
|
|
|
| TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of . |
|
| |
All Rights Reserved, , TechTarget |
|
|
|
|
|
