Knowledge Base | Security

1. Blocking Unauthorized Wireless Clients

Here are a few tips to prevent unauthorized Wi-Fi clients from connecting to your AP or Wi-Fi router and to keep your local network safe.

2. Restrict Remote VPN Network's Access to Specific IP

A VPN provides a secure connection between a local network and a remote network. Once the VPN is up, the remote network can access all the devices in the local network just as if they were physically connected. But what if we establish the VPN only so that the remote network can access a specific server? This article demonstrates how to configure the router to restrict the remote VPN users to a particular local server only, for the scenario below.

3. Use 2-Step Authentication for Remote Access

This article demonstrates how to set up 2-Step Authentication for the router's remote access (login from the WAN interface) to add a layer of security to the router. When 2-Step Authentication is enabled, the Internet user needs not only the administrator password but also the Auth Code sent to the specified phone number or email address to log into the router's management page.

4. Use mOTP for Remote Access

A one-time password (OTP) is a password that is valid for only one login session, so it can protect password-based authentication from replay attacks. For the router's remote access (login from the WAN interface), you may use OTP to add a layer of security to your router and the local network. This requires a device, usually a mobile phone, to generate the one-time password.

5. Prevent Potential Punycode Phishing Attack

The Domain Name System was originally designed to use only a limited set of ASCII characters. To represent Unicode characters (which cover letters of other languages) in a URL, the Punycode syntax is used.

6. Why is the Router Responding on Port 80?

The router uses port 80 for its HTTP management page as well as for the firewall blocking page. Below is the configuration required to turn off TCP port 80 on the router.

7. DNS Security

DNS Security is based on Domain Name System Security Extensions (DNSSEC), a specification that adds security to the Domain Name System (DNS). Through the use of digital signatures, the DNS server can provide DNS data integrity and origin authentication to DNS clients. If you enable DNSSEC on a Vigor Router, then before asking for the address of a domain name, the router will perform iterative queries for DNSKEY and RRSIG records to validate the information provided by the DNS servers, and thus avoid accepting bogus DNS responses.