Template:Security guidelines: Difference between revisions
m
→Security Hardening Guidelines
| Line 19: | Line 19: | ||
==Security Hardening Guidelines== | ==Security Hardening Guidelines== | ||
* Limit Administrative Access - Avoid exposing administrative services to the internet. If public access is mandatory, set unconventional ports (e.g., 32768-65535) for common services. | * '''Limit Administrative Access''' - Avoid exposing administrative services to the internet. If public access is mandatory, set unconventional ports (e.g., 32768-65535) for common services. | ||
* Secure Exposed Services - If remote access is necessary, ensure that it is protected by a firewall. If remote access is required for any administrative interface, modify the rule to only accept traffic from known sources (e.g. modify the SSH WAN access rule to only allow connections from a specific source address). | * '''Secure Exposed Services''' - If remote access is necessary, ensure that it is protected by a firewall. If remote access is required for any administrative interface, modify the rule to only accept traffic from known sources (e.g. modify the SSH WAN access rule to only allow connections from a specific source address). | ||
* Manage WiFi Effectively - Disable WiFi if it is not needed. Consider reducing wireless transmission power rather than hiding the ESSID. | * '''Manage WiFi Effectively''' - Disable WiFi if it is not needed. Consider reducing wireless transmission power rather than hiding the ESSID. | ||
* Use Key-Based Authentication - Make sure to use key-based authentication wherever possible (e.g. accessing device via SSH). | * '''Use Key-Based Authentication''' - Make sure to use key-based authentication wherever possible (e.g. accessing device via SSH). | ||
* Verify Backup Integrity - Always write down & compare MD5/SHA hashes of backup files and firmware files before uploading them to the device. | * '''Verify Backup Integrity''' - Always write down & compare MD5/SHA hashes of backup files and firmware files before uploading them to the device. | ||
* Use Phone Number Whitelisting - Create phone number groups for SMS commands to act as a whitelist. | * '''Use Phone Number Whitelisting''' - Create phone number groups for SMS commands to act as a whitelist. | ||
* Disable Unnecessary Utilities - Review and disable unnecessary SMS/Call utilities and commands, or disable this functionality completely. | * '''Disable Unnecessary Utilities''' - Review and disable unnecessary SMS/Call utilities and commands, or disable this functionality completely. | ||
==Secure Operation Guidelines== | ==Secure Operation Guidelines== | ||