|
|
Line 44: |
Line 44: |
|
| |
|
| Understandably, every production environment is different and some features may be altered or changed in newer firmware versions – please always make sure to test & verify newer firmware versions '''before deploying any such firmware onto devices in production environment'''. | | Understandably, every production environment is different and some features may be altered or changed in newer firmware versions – please always make sure to test & verify newer firmware versions '''before deploying any such firmware onto devices in production environment'''. |
|
| |
| ==RUTXxx security features==
| |
|
| |
| In the table below you can find all the security features supported by Teltonika's '''RUTXxx''' devices.
| |
|
| |
| <table class="wikitable">
| |
| <tr>
| |
| <th width="200">Security measurement type</th>
| |
| <th width="200">Security measurement name</th>
| |
| <th width="200">By default</th>
| |
| <th width="500">Details</th>
| |
| </tr>
| |
| <tr>
| |
| <td>DDOS Prevention</td>
| |
| <td>SYN Flood Protection</td>
| |
| <td>On</td>
| |
| <td>A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.</td>
| |
| </tr>
| |
| <tr>
| |
| <td rowspan="8">Access Control</td>
| |
| <td>Remote SSH access</td>
| |
| <td>Off</td>
| |
| <td>All Remote access is disabled by default. If user is using remote access feature it may be a security threat. If user decides to use this feature - it is recommended to use a strong password.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Remote HTTP access</td>
| |
| <td>Off</td>
| |
| <td>All Remote access is disabled by default. If user is using remote access feature it may be a security threat. If user decides to use this feature - it is recommended to use a strong password.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Remote HTTPS access</td>
| |
| <td>Off</td>
| |
| <td>All Remote access is disabled by default. If user is using remote access feature it may be a security threat. If user decides to use this feature - it is recommended to use a strong password.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Remote CLI access</td>
| |
| <td>Off</td>
| |
| <td>All Remote access is disabled by default. If user is using remote access feature it may be a security threat. If user decides to use this feature - it is recommended to use a strong password.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Local SSH access</td>
| |
| <td>On</td>
| |
| <td>Enabled by default for user convenience, allows possibility of configuring the device when user is in the same LAN.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Local HTTP access</td>
| |
| <td>On</td>
| |
| <td>Enabled by default for user convenience, allows possibility of configuring the device when user is in the same LAN.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Local HTTPS access</td>
| |
| <td>Off</td>
| |
| <td>By default turned off - where is no scenario where HTTPS usage would be needed "out side the box".</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Local CLI access</td>
| |
| <td>On</td>
| |
| <td>Enabled by default for user convenience, allows possibility of configuring the device when user is in the same LAN.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Block Unwanted Access</td>
| |
| <td>SSH Access Secure</td>
| |
| <td>On</td>
| |
| <td>By default, device allows a maximum of 5 login attempts (user defined). If all attempts are used, device will block SSH access from that source.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Configuration via SMS</td>
| |
| <td>SMS Utilities (Only in RUTX09 and RUTX11)</td>
| |
| <td> By router admin password</td>
| |
| <td>Default authorization method for configuration via SMS command is by router admin password. It's very important to have a strong password for admin account.</td>
| |
| </tr>
| |
| <tr>
| |
| <td>Default admin password</td>
| |
| <td>First login</td>
| |
| <td>On</td>
| |
| <td>Default password for Teltonika's devices is admin01 (weak password) but on first login to WebUI - RutOS forcefully requires user to change it. It is recommended to use a strong password</td>
| |
| </tr>
| |
| <td>Certificates</td>
| |
| <td>Root CA</td>
| |
| <td>Pre-uplouded</td>
| |
| <td>Root CA certificate are only needed if you want to use HTTPS for your services. There is a default file already preloaded in this device which will be overwritten by any uploaded file.</td>
| |
| </tr>
| |
| <td>Universal Plug and Play</td>
| |
| <td>UPnP</td>
| |
| <td>Not installed / Off</td>
| |
| <td>UPnP doesn't require any sort of authentication from the user. Any application running on your computer in LAN can ask the router to forward a port over UPnP, which is why the malware can abuse UPnP. Recommendation - If you don’t use it when leave it not installed or turned off.</td>
| |
| </tr>
| |
| <td>Universal Asynchronous Receiver – Transmitter</td>
| |
| <td>UART</td>
| |
| <td> By router admin password</td>
| |
| <td>Many manufacturers are implementing UART interfaces on their devices. If this interface is not password protected, security of the device may be compromised. If malicious 3rd party gains physical access to the device it will have full control of the router via UART interface, this is a reason why our devices have password protected UART interfaces.</td>
| |
| </tr>
| |
| </table>
| |
|
| |
|
| ==TRB14x security features== | | ==TRB14x security features== |