ajh
Occasional Visitor
Long-time lurker, new member so hi.
I wanted to thanks folks on this forum for the wealth of info you offer. While I'm not a total noob (I've administered a home network with a Cisco enterprise router, two network switches and a NAS and not totally screwed it up), I'm not a professional and I'm new to Asuswrt-Merlin and very much appreciate what a great resource this forum is.
Although I hesitate to thank individual members for your excellent tips because there're so many of you offering solid advice and I'd leave lots of people out, I'd be remiss if I didn't thank Tim Higgins for running the site, @RMerlin for developing Merlin and @L&LD for his step-by-step guides.
<off-topic>
As a way of giving back I thought I'd share a quick off-topic tip. Folks here give a ton of attention to configuring and hardening routers but I haven't seen any passing mention on this or other SNB forums about hardening multi-function devices (MFDs) that print, scan and fax. As you might imagine, even if you harden your router, if you connect a MFD and leave it with the default password and default services still enabled, you're leaving open a potential vector to attack your network.
With its bug bounty program, HP is a MFD manufacturer that's paying attention to security. Even so, when I just hardened a new 9000 series all-in-one printer, I was surprised that its default password was 1234567 and that it had enabled numerous services (like WPAD) with potential vulnerabilities. It took just a few minutes for me to enable HTTPS for the HP webui and to disable Digital Send, faxing, Google Cloud Print, HP ePrint, IPv6, LPD, Microsoft Web Services, proxy settings, Smart Tasks, Usage Data Collection, Web Services, Wi-Fi Direct and WINS, none of which I use or need.
So, if you're thinking of doing the same, the best guide that I've come across is Multifunction Device Hardening Checklist by UT Austin's Information Security Office.
</off-topic>
I wanted to thanks folks on this forum for the wealth of info you offer. While I'm not a total noob (I've administered a home network with a Cisco enterprise router, two network switches and a NAS and not totally screwed it up), I'm not a professional and I'm new to Asuswrt-Merlin and very much appreciate what a great resource this forum is.
Although I hesitate to thank individual members for your excellent tips because there're so many of you offering solid advice and I'd leave lots of people out, I'd be remiss if I didn't thank Tim Higgins for running the site, @RMerlin for developing Merlin and @L&LD for his step-by-step guides.
<off-topic>
As a way of giving back I thought I'd share a quick off-topic tip. Folks here give a ton of attention to configuring and hardening routers but I haven't seen any passing mention on this or other SNB forums about hardening multi-function devices (MFDs) that print, scan and fax. As you might imagine, even if you harden your router, if you connect a MFD and leave it with the default password and default services still enabled, you're leaving open a potential vector to attack your network.
With its bug bounty program, HP is a MFD manufacturer that's paying attention to security. Even so, when I just hardened a new 9000 series all-in-one printer, I was surprised that its default password was 1234567 and that it had enabled numerous services (like WPAD) with potential vulnerabilities. It took just a few minutes for me to enable HTTPS for the HP webui and to disable Digital Send, faxing, Google Cloud Print, HP ePrint, IPv6, LPD, Microsoft Web Services, proxy settings, Smart Tasks, Usage Data Collection, Web Services, Wi-Fi Direct and WINS, none of which I use or need.
So, if you're thinking of doing the same, the best guide that I've come across is Multifunction Device Hardening Checklist by UT Austin's Information Security Office.
</off-topic>
