DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

beefing up security

03 May 2009 18:28 #1 by trolleybus
beefing up security was created by trolleybus
From https://www.grc.com I am informed that I have ports 23, 80 and 443 open with all sorts of dire warnings for being so.

My hardware is:
Model Name : Vigor2820 series
Firmware Version : 3.3.0
Build Date/Time : Oct 8 2008 16:05:16
ADSL Firmware Version : 211011_A Annex A

Going over and over all the configuration panels I am clearly having a senior moment since I can see where to get these ports into stealth mode. I would very much appreciate guidance on this issue.

David Bradley

03 May 2009 20:30 #2 by njh
Replied by njh on topic beefing up security
Turn off remote management if you have it on.

2900Gi/v2.5.6; 2900/v2.5.6

04 May 2009 23:22 #3 by olejnik_uk
Replied by olejnik_uk on topic beefing up security
I usually change all those ports in the System Maintenance/Management part of the router and have something like the following:

Telnet - 8585
HTTPS - 8383
HTTP - 8181
etc etc

Then, I allow remote management but only on HTTPS. Just remember to type in the port at the end of the router address when you want to access it, i.e. http://192.168.1.1:8181

Hope this helps.

05 May 2009 08:06 #4 by trolleybus
Replied by trolleybus on topic Re: Security
Thank you both for your interest in my problem.

IMHO the solution shown below just moves the open ports further "up the scale", it doesn't put them in stealth mode. Reference to http://192.168.1.1:8181 indicates to me that access to the router is from the LAN not the WAN.

I do require remote access to the router from across town but I don't want to compromise security, functionality or have more ports available to the bad guys than actually needed. Further observation and comment welcomed on this issue please.


olejnik_uk wrote: I usually change all those ports in the System Maintenance/Management part of the router and have something like the following:

Telnet - 8585
HTTPS - 8383
HTTP - 8181
etc etc

Then, I allow remote management but only on HTTPS. Just remember to type in the port at the end of the router address when you want to access it, i.e. http://192.168.1.1:8181

Hope this helps.

05 May 2009 08:26 #5 by njh
Replied by njh on topic beefing up security
Having remote access and stealth are mutually exclusive. I do not know the 2820, but I think you can selectively allow access by http, https, ftp and telnet. If that is so, only allow one access type (https?) and maybe move it to a non-standard port.

Note this affects both LAN and WAN access.

2900Gi/v2.5.6; 2900/v2.5.6

05 May 2009 09:00 #6 by trolleybus
Replied by trolleybus on topic Re: Security
OK then a different approach was necessary. I turned off remote management but was still able to connect to the router via VPN and its local address.

Re-ran GRC and found that we were in total stealth mode.

With thanks to everyone who responded to this thread.


NJH wrote: Having remote access and stealth are mutually exclusive. I do not know the 2820, but I think you can selectively allow access by http, https, ftp and telnet. If that is so, only allow one access type (https?) and maybe move it to a non-standard port.

Note this affects both LAN and WAN access.

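The open, closed and stealth states that the scan in this thread reports can be re-checked from any outside host against your own WAN address. The following Python sketch is an added example, not part of any post above; `classify_port`, `audit` and `exposed` are hypothetical helper names, and `203.0.113.10` is a documentation placeholder address.

```python
import socket

# Management ports the GRC scan in this thread reported as open.
MGMT_PORTS = {23: "telnet", 80: "http", 443: "https"}

def classify_port(host, port, timeout=3.0):
    """Classify one TCP port using the three states discussed in the thread.

    open    - handshake completed, a service is listening
    closed  - the host answered with a reset, so it reveals it exists
    stealth - no answer at all before the timeout (packet silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. an ICMP unreachable reply: not silent, so not stealth
        return "unreachable"
    finally:
        sock.close()

def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Return {port: state} for the router's management ports."""
    return {port: classify_port(host, port, timeout) for port in ports}

def exposed(results):
    """Ports that still answer from the WAN side and need attention."""
    return sorted(p for p, state in results.items() if state != "stealth")

if __name__ == "__main__":
    wan_ip = "203.0.113.10"  # placeholder (TEST-NET-3); use your own WAN address
    results = audit(wan_ip)
    for port, state in results.items():
        print(f"{port}/{MGMT_PORTS[port]}: {state}")
    print("still answering:", exposed(results))
```

If management ports have been moved as suggested in post #3, pass them explicitly, for example `audit(wan_ip, {8585: "telnet", 8383: "https", 8181: "http"})`; a moved port that still answers is reported as open, not stealth.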