Difference between revisions of "Cyber Security/Secure Router or Modem"
(→FreeRadius) |
(→PPPoE Server) |
||
Line 72: | Line 72: | ||
====PPPoE Server==== | ====PPPoE Server==== | ||
+ | Information is omitted in this section due to none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network. | ||
+ | |||
====VPN==== | ====VPN==== | ||
=====VPN: Definition===== | =====VPN: Definition===== |
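Review bot: the sentence added under PPPoE Server reads "due to none of the settings pertain", which is ungrammatical; suggest "because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network". It also states that nothing in the section bears on securing the network, so if the PPPoE server is a service that can be switched on, say whether it should stay disabled when unused. The second added line is empty and can be dropped if the blank line before the VPN heading is not needed.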
Revision as of 16:27, 28 October 2016
How to Create a More Secure Network
Recommended Router Models
- A router with DD-WRT installed. You can locate devices that have DD-WRT support on DD-WRT's website
Notes About DD-WRT
- This software will add many more features to your router, and should only be used by experienced professionals
- Flashing DD-WRT can potentially brick your router, so make sure to follow any instructions carefully
- This guide will not cover all DD-WRT features, only those pertinent to securing your network and security devices
- Menus might be different in your router depending on your version of DD-WRT
Links and Resources
- DD-WRT Glossary
- DD-WRT FTP
- PuTTY
- MVPs Blacklist
- Ad Blocking DNS
- DD-WRT Ad-Blocking
- Privoxy Setup
- More Info
Setup
Basic Setup
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
IPV6
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
DDNS
You can set up an additional DDNS address in this section of your gateway to ensure your DDNS stays updated and pointing to the correct WAN IP address. If you are not using this feature, leave it disabled.
MAC Address Clone
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Advanced Routing
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
VLANS
If you have a gateway with enough processing power, it is highly recommended that you set up a separate VLAN for just the security devices.
Networking
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
EoIP Tunnel
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Wireless
Basic Settings
If you are not using Wi-Fi, your best bet is to disable this feature to ensure unauthorized visitors cannot gain access to your network over Wi-Fi.
Radius
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Wireless Security
The wireless security settings, in decreasing order of preference, should be the pre-shared key versions of the following:
1. WPA2 + AES
2. WPA + AES (only if all devices support it).
3. WPA + TKIP (maximum security commonly supported by older wireless adapters - can be cracked as well)
4. WEP (easily cracked in 5 minutes)
5. Disabled (no security. Use some other security layer on top, like a VPN)
-Source DD-WRT Wiki
MAC Filter
If you choose to leave wireless enabled, setting up MAC filters will ensure only authorized devices are able to access the network.
Services
Services
- Disable SSHd
- Disable Telnet
FreeRadius
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
PPPoE Server
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
VPN
VPN: Definition
A VPN, or Virtual Private Network, is used to remotely access your network. This feature allows your computer to connect remotely to your LAN as if it were physically on that network.
VPN Configuration
If you are not using this feature, disable all VPN settings, including:
- IPSec Passthrough
- PPTP Passthrough
- L2TP Passthrough
USB
NAS
Hotspot
SIP Proxy
Adblocking
- Privoxy Basic Configuration
- Link to Setup Ad Blocking on DD-WRT
- Additional Method to Setup Ad Blocking on DD-WRT
- Second Additional Method to Setup Ad Blocking on DD-WRT
Security
Firewall
For the Firewall section of DD-WRT, you want to enable as many options as possible to ensure your network's firewall is doing its job.
Firewall Protection
SPI Firewall: Enable/Disable
Additional Filters
Filter Proxy
Filter Cookies
Filter Java Applets
Filter ActiveX
Block WAN Requests
Block Anonymous WAN Requests (ping)
Filter Multicast
Filter WAN NAT Redirection
Filter IDENT (Port 113)
Block WAN SNMP access
Impede WAN DoS/Bruteforce
Limit SSH Access
Limit Telnet Access
Limit PPTP Server Access
Limit FTP Server Access
VPN Passthrough
If you are not using the VPN features of your router, you should disable all VPN options.
Settings:
IPSec Passthrough: Enable/Disable
PPTP Passthrough: Enable/Disable
L2TP Passthrough: Enable/Disable
Recommended Settings:
IPSec Passthrough: Disable
PPTP Passthrough: Disable
L2TP Passthrough: Disable
Access Restrictions
WAN Access
NAT/QOS
Port Forwarding
In this section, you can configure ports to be forwarded to your network devices. This is where you need to go to set up remote access if you are not using P2P.
Port Forwarding Explanation
In the above example, you will see several port forwarding rules. There are two Dahua NVRs on this network. Each NVR will need two ports (TCP and HTTP) forwarded in order for the system to be remotely accessible. There is an additional port forwarding rule for the first NVR's RTSP port, which is 554. This port needs to be forwarded only if you are using ONVIF or RTSP remotely.
Port Range Forwarding
Do not use this feature to open ports for your security devices. Use "Port Forwarding" instead.
Port Triggering
Do not use this feature to open ports for your security devices. Use "Port Forwarding" instead.
UPnP
UPnP attempts to automatically forward ports needed by a connected UPnP-compliant device. This feature should always be disabled.
DMZ
- DMZ should never be used to open ports on a DVR, NVR, or IP Camera. The only time DMZ should be used is when you want to completely bypass a router or modem's firewall.
QoS
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Note: You can use QoS to give network traffic priority to the video feeds.
Administration
Management
- Set a new user name and password for your DD-WRT. This is a must!
- Disable Telnet Management
- Disable SSH Management
- Disable "Allow Any Remote IP"
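The Services, VPN Passthrough, Firewall, UPnP, DMZ and Management recommendations above can be checked in one pass against saved `nvram show` output (for example, run from the Administration > Commands tab). This script is an added example, not part of the original guide or of DD-WRT; the nvram key names and expected values are assumptions based on common DD-WRT builds and must be confirmed on your own router.

```sh
# Added example (not from the original guide or the DD-WRT project).
# ASSUMPTION: the key names and values below match common DD-WRT builds; confirm
# them against your own router's `nvram show` output, as they vary by version.
EXPECTED='sshd_enable 0 Services: SSHd disabled
telnetd_enable 0 Services: Telnet disabled
ipsec_pass 0 VPN: IPSec Passthrough disabled
pptp_pass 0 VPN: PPTP Passthrough disabled
l2tp_pass 0 VPN: L2TP Passthrough disabled
filter on Firewall: SPI Firewall enabled
block_wan 1 Firewall: anonymous WAN requests (ping) blocked
upnp_enable 0 NAT/QoS: UPnP disabled
dmz_enable 0 NAT/QoS: DMZ disabled
remote_mgt_telnet 0 Management: Telnet remote management disabled
remote_mgt_ssh 0 Management: SSH remote management disabled
remote_ip_any 0 Management: "Allow Any Remote IP" disabled'

# audit_nvram FILE: print PASS/FAIL per setting, return the number of failures.
# A key that is absent from the dump counts as a failure (its state is unknown).
audit_nvram() {
    failures=0
    while read -r key want desc; do
        have=$(awk -v k="$key=" 'index($0, k) == 1 { v = substr($0, length(k) + 1); f = 1 }
            END { print (f ? v : "<unset>") }' "$1")
        if [ "$have" = "$want" ]; then
            echo "PASS  $desc"
        else
            echo "FAIL  $desc ($key=$have, expected $want)"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$failures"
}

# Constructed sample (not from a real router): UPnP and PPTP passthrough on, one key missing.
sample_dump() {
    printf '%s\n' sshd_enable=0 telnetd_enable=0 ipsec_pass=0 pptp_pass=1 \
        l2tp_pass=0 filter=on block_wan=1 upnp_enable=1 dmz_enable=0 \
        remote_mgt_telnet=0 remote_mgt_ssh=0
}

# Usage: sh audit.sh nvram_dump.txt   (exit status = number of failed checks)
if [ -n "${1:-}" ]; then audit_nvram "$1"; fi
```

The admin user name and password change from the Management list is not covered, because it cannot be judged from a settings dump.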
Keep Alive
Commands
WOL
Factory Defaults
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Firmware Upgrade
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Backup
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Status
Router
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
WAN
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
LAN
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Wireless
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Bandwidth
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.
Sys-Info
Information is omitted in this section because none of the settings pertain to CCTV, Dahua products, or anything relevant to securing your network.