This article outlines some of the basic and essential processes to secure your IP/Network/Internet connected device from being compromised. It is a generic guide with common suggestions that can be applied to almost any device/system to help minimise unauthorised access which costs consumers and business millions of dollars each year.
- Upgrade the firmware. This is the most important thing you can do with any IP/Network/Internet connected device. Vendors release firmware updates regularly with features and improvements and these also often include security patches for known vulnerabilities.
- Change the default username and password. Changing both the default username and password help minimise the brute force attacks. If the username is left as the default, a hacker already has half of your authentication information which is a simple, yet often overlooked change. Passwords should be difficult to guess, i.e. non dictionary passwords, the longer the better and including special characters, numbers and capital letters where possible.
- Only allow internet access if absolutely necessary.Allowing access to your device from the internet (port forwarding) should only be done if it is absolutely necessary and ensure that Step 1 and 2 are repeated regularly. Here are some things to consider when port forwarding:
- Use a VPN. Where possible, setup a VPN server (or client depending your setup) at the location where the device you need to access is. This will allow you to remotely access the entire network the device is sitting on from anywhere on the internet. This means that instead of 10 port forwards to different devices on your network which you have to keep up to date and secure, you now reduce that to 1. These devices should still be secured and updated but are far less likely to be compromised.
- Restrict access by IP address or Subnet range. Most Routers/Firewalls allow you to specify a source IP Address or range of IP addresses that can access the device. Restricting access via IP address can be applied at the Router/Firewall level, and on the device (if the device supports it).
- Restrict username, password and permission levels. Only give the username and access passwords to appropriate person(s) who require access. Where possible, create permission levels and only give the user the permissions they require, no more. This means if their account is compromised it will hopefully have a limited impact (unless they have a high level of permission).
- Follow the vendors security recommendations. Vendors often have useful information available on how to secure their devices from unauthorised access or being compromised.