Protect your network with Teltonika’s RUT260 Attack Prevention.
- Ben Grobler
- Technical Tips & Guides
As IT and Network Admins, we place immense focus on protecting users and the network from outside attacks on Primary and Secondary Internet connections, but we might neglect our failover connection and leave the network exposed.
When using a Teltonika LTE router, there are a few security features that you can implement to ensure you have a secure internet connection, even when your internet connection is running on the failover link. In this guide, we will discuss the different security features available and how to implement them.
Let’s start by logging into the RUT260. The default username and password can be found at the bottom of the router.
Once logged in, remember to change the default password to a new and strong password.
It is recommended to update the firmware to the latest version before starting with the setup. Navigate to System > Firmware. If a new firmware version is available, you can change Update From to Server and click on Update:
Once the upgrade is complete, navigate to Network > Firewall > Attack Prevention:
Here you can enable the firewall rules as needed, but first, let’s have a look at the different protocols and how they can protect your network.
SYN Flood Protection
SYN Flood Protection defends against attacks that abuse a portion of the standard TCP three-way handshake to overwhelm the targeted server's resources and cause it to become unavailable. In essence, SYN flood denial-of-service attacks result in network oversaturation because the attacker transmits TCP connection requests more quickly than the targeted computer can handle them.
Remote ICMP Requests
Some attackers create denial-of-service attacks by sending ICMP echo request packets from distant locations to IP broadcast addresses. To defend your router from ICMP bursts, you can configure specific limits.
SSH Attack Prevention
This protection stops SSH attacks by capping the number of connections in a given amount of time.
HTTP Attack Prevention
In an HTTP attack, the attacker sends a full, valid HTTP header, which includes a 'Content-Length' field specifying the size of the message body to follow. After that, however, the attacker sends the message body at a very slow pace, for example, one byte per 100 seconds. Because the entire message is correct and complete, the destination server will attempt to obey the 'Content-Length' field in the header and wait for the message's entire body to be transferred, which will slow it down.
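How a receiving server can bound that wait, as an added example (not from the original article or Teltonika's firmware): the body must keep up with a minimum rate or the connection is dropped. The function name, the 20-second grace period and the 500 bytes/second rate are illustrative assumptions, and the chunk timings are constructed.

```python
def check_body(content_length, chunks, grace=20.0, min_rate=500.0):
    """Decide whether a request body arrives fast enough.

    chunks: (seconds_since_headers, bytes_received) pairs in arrival order.
    The client gets `grace` seconds plus one extra second per `min_rate`
    bytes already received. Returns ("complete", t) or ("dropped", t).
    grace and min_rate are assumed example values, not router settings.
    """
    received = 0
    for t, size in chunks:
        deadline = grace + received / min_rate
        if t > deadline:
            return ("dropped", deadline)      # body fell behind the rate
        received += size
        if received >= content_length:
            return ("complete", t)            # whole body has arrived
    # The client went silent before finishing: the deadline still expires.
    return ("dropped", grace + received / min_rate)


# Constructed cases.
# 1) The article's pattern: Content-Length 1000, one byte per 100 seconds.
#    A server that simply waits would be held for 1000 * 100 seconds.
SLOW_BODY = [(100.0 * i, 1) for i in range(1, 6)]
# 2) An ordinary upload: 100 000 bytes in one second.
NORMAL_BODY = [(0.5, 50000), (1.0, 50000)]
# 3) A client that sends 5000 bytes and then stalls.
STALLED_BODY = [(1.0, 5000)]


def verdicts():
    """Run the three constructed cases through the check."""
    return {
        "slow": check_body(1000, SLOW_BODY),
        "normal": check_body(100000, NORMAL_BODY),
        "stalled": check_body(100000, STALLED_BODY),
    }
```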
HTTPS Attack Prevention
You can activate defence against HTTPS attacks, commonly referred to as "man-in-the-middle" attacks (MITM), under this section.
A man-in-the-middle attack (MITM) is a term used in computer security and cryptography to describe an attack in which the attacker surreptitiously relays and may modify the communication between two parties that think they are speaking with each other directly. Active eavesdropping is one type of man-in-the-middle attack where the attacker establishes separate connections with the victims and relays messages between them giving the impression that they are speaking with each other directly over a private connection, when in reality the attacker is controlling the entire conversation.
Port Scan
Attacks known as port scans look for open ports on the target host. The ports on a computer that are connected to the Internet are called network ports. Data from a client application can be received by a service that listens on a port, processed, and returned. Sometimes, hostile clients are able to remotely execute malicious programs on the machine or obtain sensitive data by taking advantage of weaknesses in the server code. In the first stage of a penetration test, port scanning is typically carried out to identify every network entry point into the target system. You have the option to activate defence against port scanning software in the Port Scan section.
The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include SYN-FIN, SYN-RST, X-Mas, FIN scan and NULLflags attacks.
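The five types listed above are all abnormal TCP flag combinations. The following added example (not from the original article or the router's firmware) reads the flag byte from a raw TCP header and names the combination. The definitions are the commonly used ones and are an assumption about how each type is matched; the function names and sample headers are constructed.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_header(flags, sport=40000, dport=80):
    """Constructed 20-byte TCP header (no options) used as sample input."""
    offset_and_flags = (5 << 12) | flags  # data offset of 5 words + flags
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       offset_and_flags, 1024, 0, 0)


def tcp_flags(header):
    """Extract the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return header[13] & 0x3F


def classify(flags):
    """Name the abnormal flag combination, or 'normal' if none matches.

    Assumption: these are the commonly used definitions; the article does
    not state the router's exact match rules.
    """
    if flags == 0:
        return "NULLflags"                      # no flags at all
    if (flags & SYN) and (flags & FIN):
        return "SYN-FIN"                        # open and close at once
    if (flags & SYN) and (flags & RST):
        return "SYN-RST"                        # open and abort at once
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG):
        return "X-Mas"                          # FIN, PSH and URG all set
    if (flags & FIN) and not (flags & ACK):
        return "FIN scan"                       # FIN outside any connection
    return "normal"


# Constructed samples: three legitimate segments, then five malformed ones.
SAMPLES = [SYN, ACK | PSH, FIN | ACK, 0, SYN | FIN, SYN | RST,
           FIN | PSH | URG, FIN]


def report(samples=SAMPLES):
    """Classify each sample after a round trip through header bytes."""
    return [classify(tcp_flags(build_header(f))) for f in samples]
```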
Now that we have an idea of what each security feature can do, let’s do a test HTTP attack. Hackers normally use “bots” to try and break into HTTP servers, which means they make hundreds of attempts each minute. Let’s enable this feature and see if we get limited.
Now that the HTTP Limit is enabled, let’s log out and start testing. Remember, an attacker knows that the default username for Teltonika is admin. So, the only thing they need to try and “crack” is the password, which is why it is important to change it to a strong password. Let’s use a random password and keep trying:
After 10 tries in 5 seconds, we can see that I have been blocked and cannot try again until the time limit has passed. Once the “Loading” screen is finished, you will see an error message stating that the device is unreachable.
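The behaviour seen in this test, and the connection cap described under SSH Attack Prevention, can be modelled as a per-source sliding window. This is an added example, not the router's own implementation: the class and function names are hypothetical, the limit of 10 in 5 seconds is taken from the test above, and the connection log is constructed.

```python
from collections import defaultdict, deque

LIMIT = 10          # new connections allowed per source ...
WINDOW_MS = 5000    # ... within this window (10 tries in 5 seconds)


class ConnectionLimiter:
    """Per-source sliding-window cap on new connections (a model only)."""

    def __init__(self, limit=LIMIT, window_ms=WINDOW_MS):
        self.limit = limit
        self.window_ms = window_ms
        self.accepted = defaultdict(deque)   # source IP -> accepted times

    def allow(self, src, now_ms):
        times = self.accepted[src]
        while times and now_ms - times[0] >= self.window_ms:
            times.popleft()                  # attempt has left the window
        if len(times) >= self.limit:
            return False                     # over the cap: drop
        times.append(now_ms)
        return True


def replay(events):
    """Feed (time_ms, source) events through a fresh limiter.

    Returns {source: (accepted, dropped)}.
    """
    limiter = ConnectionLimiter()
    totals = defaultdict(lambda: [0, 0])
    for now_ms, src in sorted(events):
        totals[src][0 if limiter.allow(src, now_ms) else 1] += 1
    return {src: tuple(counts) for src, counts in totals.items()}


# Constructed log (documentation addresses): a bot guessing passwords every
# 200 ms for 6 seconds, and an administrator who logs in twice.
BOT = [(i * 200, "198.51.100.7") for i in range(30)]
ADMIN = [(1000, "192.0.2.10"), (30000, "192.0.2.10")]
EVENTS = BOT + ADMIN
```

Replaying EVENTS shows the bot held to the cap while the administrator's two logins pass untouched, which is why the limit slows guessing but does not replace a strong password.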
Just by understanding what the attacker does from the outside, we can prevent them from accessing the router as well as the network. Remember that the HTTP Limit is just one of the security features you can enable. ICMP floods, SSH attacks and port scanners are still widely used for security breaches.
Should you require any additional information, you can access the RUT260 user manual or simply get in touch with our Technical support team. Browse our range of Teltonika LTE routers and order yours online, or alternatively, get in touch with our sales team on 012 657 0960 or sales@miro.co.za.