From Teltonika Networks Wiki
Main Page > FAQ > Security > Security Features
Security features
In the table below you can find all the security features supported by Teltonika's devices.
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Flood Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Flood Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTP Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
RUTxxx series security features
In the table below you can find all the security features supported by Teltonika's RUTxxx series devices.
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Attack Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Attack Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTP Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
RUTXxxx series security features
In the table below you can find all the security features supported by Teltonika's RUTXxxx series devices.
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Attack Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Attack Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords and appropriate firewall rules.
|
| HTTP Access |
Off |
Disabled by default; unencrypted traffic, avoid usage.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords and appropriate firewall rules.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords and appropriate firewall rules.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN. Unencrypted traffic, avoid usage.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
| TPM |
On |
Enabled by default. Securely stores cryptographic keys and other sensitive data.
|
RUTMxxx series security features
In the table below you can find all the security features supported by Teltonika's RUTMxxx series devices.
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Attack Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Attack Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTP Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
| TPM |
On |
Enabled by default. Securely stores cryptographic keys and other sensitive data.
|
RUTCxxx series security features
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Attack Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Attack Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTP Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
TRBxxx series security features
In the table below you can find all the security features supported by Teltonika's TRBxxx series devices.
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Attack Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Attack Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTP Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
TSWxxx series security features
In the table below you can find all the security features supported by Teltonika's TSWxxx series devices.
| Category |
Feature |
Default |
Purpose/Description
|
| DDoS Protection |
SYN Attack Protection |
On |
Blocks excessive SYN requests to prevent resource exhaustion.
|
| Ping Attack Protection |
Off |
Mitigates ICMP (Ping) flood attacks.
|
| SSH Attack Prevention |
Off |
Blocks excessive SSH requests.
|
| HTTP Attack Prevention |
Off |
Blocks excessive HTTP requests.
|
| HTTPS Attack Prevention |
Off |
Blocks excessive HTTPS requests.
|
| Custom Configuration |
Custom Rules |
Empty |
Allows adding custom firewall rules via iptables commands.
|
| DMZ |
Off |
Allows separating LAN-side network into separate zones with heavily restricted access.
|
| Port Scan & TCP Attack Protection |
Port Scan Prevention |
Off |
Detects and blocks port scanning attempts.
|
| SYN-FIN Attack |
Off |
Blocks packets with both SYN and FIN flags set.
|
| SYN-RST Attack |
Off |
Prevents abrupt TCP session resets.
|
| X-Mas Attack |
Off |
Blocks TCP packets with multiple unusual flags set.
|
| FIN Scan |
Off |
Blocks FIN packets used to bypass firewalls.
|
| NULL Flags Attack |
Off |
Blocks TCP packets with no flags set.
|
| Access Control – Remote |
SSH Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTP Access |
Off |
Disabled by default; use only with strong passwords.
|
| HTTPS Access |
Off |
Disabled by default; use only with strong passwords.
|
| CLI Access |
Off |
Disabled by default; use only with strong passwords.
|
| Access Control – Local |
SSH Access |
On |
Allows local configuration over LAN.
|
| HTTP Access |
On |
Allows local WebUI configuration over LAN.
|
| HTTPS Access |
On |
Allows local WebUI configuration over LAN.
|
| CLI Access |
On |
Allows local command-line configuration over LAN.
|
| Login Protection |
SSH Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| WebUI Login Attempts |
On |
Blocks IP after 10 failed attempts (default).
|
| Configuration Security |
SMS Utilities |
Admin password |
SMS commands require admin password.
|
| Default Admin Password |
On |
Default password is present on the device label.
|
| Certificates |
Root CA |
Preloaded |
Default root certificate included; can be replaced.
|
| Other Protections |
UPnP |
Not installed / Off |
Disabled to prevent unauthorized port forwarding.
|
| UART Interface |
Admin password |
Requires password to prevent unauthorized physical access.
|
