Line 19: |
Line 19: |
| ==Security Hardening Guidelines== | | ==Security Hardening Guidelines== |
| | | |
− | * Limit Administrative Access - Avoid exposing administrative services to the internet. If public access is mandatory, set unconventional ports (e.g., 32768-65535) for common services. | + | * '''Limit Administrative Access''' - Avoid exposing administrative services to the internet. If public access is mandatory, set unconventional ports (e.g., 32768-65535) for common services. |
− | * Secure Exposed Services - If remote access is necessary, ensure that it is protected by a firewall. If remote access is required for any administrative interface, modify the rule to only accept traffic from known sources (e.g. modify the SSH WAN access rule to only allow connections from a specific source address). | + | * '''Secure Exposed Services''' - If remote access is necessary, ensure that it is protected by a firewall. If remote access is required for any administrative interface, modify the rule to only accept traffic from known sources (e.g. modify the SSH WAN access rule to only allow connections from a specific source address). |
− | * Manage WiFi Effectively - Disable WiFi if it is not needed. Consider reducing wireless transmission power rather than hiding the ESSID. | + | * '''Manage WiFi Effectively''' - Disable WiFi if it is not needed. Consider reducing wireless transmission power rather than hiding the ESSID. |
− | * Use Key-Based Authentication - Make sure to use key-based authentication wherever possible (e.g. accessing device via SSH). | + | * '''Use Key-Based Authentication''' - Make sure to use key-based authentication wherever possible (e.g. accessing device via SSH). |
− | * Verify Backup Integrity - Always write down & compare MD5/SHA hashes of backup files and firmware files before uploading them to the device. | + | * '''Verify Backup Integrity''' - Always write down & compare MD5/SHA hashes of backup files and firmware files before uploading them to the device. |
− | * Use Phone Number Whitelisting - Create phone number groups for SMS commands to act as a whitelist. | + | * '''Use Phone Number Whitelisting''' - Create phone number groups for SMS commands to act as a whitelist. |
− | * Disable Unnecessary Utilities - Review and disable unnecessary SMS/Call utilities and commands, or disable this functionality completely. | + | * '''Disable Unnecessary Utilities''' - Review and disable unnecessary SMS/Call utilities and commands, or disable this functionality completely. |
| | | |
| ==Secure Operation Guidelines== | | ==Secure Operation Guidelines== |