189
edits
Changes
mLine 19:
Line 19: − + − + − + − + − + − + − +
→Security Hardening Guidelines
==Security Hardening Guidelines==
==Security Hardening Guidelines==
* Limit Administrative Access - Avoid exposing administrative services to the internet. If public access is mandatory, set unconventional ports (e.g., 32768-65535) for common services.
* '''Limit Administrative Access''' - Avoid exposing administrative services to the internet. If public access is mandatory, set unconventional ports (e.g., 32768-65535) for common services.
* Secure Exposed Services - If remote access is necessary, ensure that it is protected by a firewall. If remote access is required for any administrative interface, modify the rule to only accept traffic from known sources (e.g. modify the SSH WAN access rule to only allow connections from a specific source address).
* '''Secure Exposed Services''' - If remote access is necessary, ensure that it is protected by a firewall. If remote access is required for any administrative interface, modify the rule to only accept traffic from known sources (e.g. modify the SSH WAN access rule to only allow connections from a specific source address).
* Manage WiFi Effectively - Disable WiFi if it is not needed. Consider reducing wireless transmission power rather than hiding the ESSID.
* '''Manage WiFi Effectively''' - Disable WiFi if it is not needed. Consider reducing wireless transmission power rather than hiding the ESSID.
* Use Key-Based Authentication - Make sure to use key-based authentication wherever possible (e.g. accessing device via SSH).
* '''Use Key-Based Authentication''' - Make sure to use key-based authentication wherever possible (e.g. accessing device via SSH).
* Verify Backup Integrity - Always write down & compare MD5/SHA hashes of backup files and firmware files before uploading them to the device.
* '''Verify Backup Integrity''' - Always write down & compare MD5/SHA hashes of backup files and firmware files before uploading them to the device.
* Use Phone Number Whitelisting - Create phone number groups for SMS commands to act as a whitelist.
* '''Use Phone Number Whitelisting''' - Create phone number groups for SMS commands to act as a whitelist.
* Disable Unnecessary Utilities - Review and disable unnecessary SMS/Call utilities and commands, or disable this functionality completely.
* '''Disable Unnecessary Utilities''' - Review and disable unnecessary SMS/Call utilities and commands, or disable this functionality completely.
==Secure Operation Guidelines==
==Secure Operation Guidelines==
