Best Practices for securing your R-series WiFi Routers

The following security considerations should be taken into account to ensure safe access to your R-series WiFi router.

Always use non-default admin credentials

Users must set non-default admin passwords on their R-series devices for security reasons.

NOTE: If required, these credentials can be changed/overridden via your cnMaestro account.

Use non-default SNMP community strings

It is also highly recommended to change the READ/WRITE community strings to non-default values. This would prevent attacks via the SNMP interface.

Device management via WAN

From 4.3.3-R4 onwards, device UI access over the WAN interface is disabled by default. Though not recommended (especially when using default admin credentials), it can be enabled if required, as shown in the image below.

WAN-ui-access-control.png

SSH

Starting with 4.3.3-R4, device firmware has SSH capability. However, by default this is limited to LAN ports only and is disabled on the WAN port. SSH over WAN should be enabled only if required and turned back off when not in use.

ssh-over-WAN-enable.png

Telnet

Some older versions of the software had the Telnet service enabled by default, while in others it could be enabled by way of configuration import. It is highly recommended to keep Telnet disabled, especially when default admin credentials are being used on the device.

telnet-disable-legacy.png
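
The WAN-side settings from the three sections above (UI access, SSH, Telnet) can be checked from a host on the WAN side of a router you administer. This Python script is an added example, not vendor code; the port numbers (22, 23, 80, 443) are assumed standard defaults that this page does not state, and 192.0.2.1 is a placeholder address.

```python
import socket
import sys

# Expected WAN-side state per service: name -> (tcp port, allowed to be open).
# Port numbers are assumptions (standard defaults), not taken from the page.
WAN_POLICY = {
    "telnet": (23, False),     # keep Telnet disabled
    "ssh": (22, False),        # SSH over WAN off unless actively in use
    "http-ui": (80, False),    # UI over WAN disabled by default since 4.3.3-R4
    "https-ui": (443, False),
}

def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"

def audit(host, policy=WAN_POLICY, timeout=2.0):
    """Compare reachable services with the policy; return a list of deviations."""
    findings = []
    for name, (port, allowed) in sorted(policy.items()):
        state = probe(host, port, timeout)
        if state == "open" and not allowed:
            findings.append(f"{name} (tcp/{port}) is reachable but should be disabled")
        elif state != "open" and allowed:
            findings.append(f"{name} (tcp/{port}) is expected open but is {state}")
    return findings

if __name__ == "__main__":
    # Placeholder address (TEST-NET-1); pass your router's WAN address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    issues = audit(target)
    for issue in issues:
        print("FAIL:", issue)
    print("OK" if not issues else f"{len(issues)} deviation(s) from policy")
    sys.exit(1 if issues else 0)
```

If SSH over WAN is intentionally enabled for a maintenance window, set its policy entry to `True` for that run and back to `False` afterwards.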

Device Management access from wireless clients

R-series devices also have an option to manage/configure the device by logging into the UI through a wireless client connected to the AP. For security reasons, this option is disabled by default. The user can enable it after first logging in through LAN/WAN. It is recommended to keep this option disabled when not in use.

wireless-client-ui-access-control.png

Factory Defaults Lock

The R-series devices provide an option to disable the factory reset hardware switch on the box. This can be enabled to prevent an accidental factory reset from being triggered on the devices.

factory-lock.png
