From e1752b93f7926ba422ddb7c1ada3cf484a4377fc Mon Sep 17 00:00:00 2001 From: Balazs Gyurak Date: Fri, 8 Apr 2022 22:04:29 +0100 Subject: [PATCH] Remove duplicated entry The same advice is there in more detailed form a few rows above --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index e2b9c58..675cdd1 100644 --- a/README.md +++ b/README.md @@ -241,11 +241,10 @@ This section covers how you connect your devices to the internet securely, inclu **Opt-Out Router Listings** | Optional | WiFi SSIDs is scanned, logged and then published on various websites (such as [Wiggle WiFi SSID Map](https://www.wigle.net/)), which is a serious privacy concern for some. You can [opt-out of many of these listings](https://www.ghacks.net/2014/10/29/add-_nomap-to-your-routers-ssid-to-have-it-ignored-by-google-and-mozilla/), by adding `_nomap` to the end of your SSID (WiFi network name) **Hide your SSID** | Optional | Your routers Service Set Identifier is simply the network name. If it is not visible, it may receive less abuse. However understand that finding hidden networks is a [trivial task](https://www.acrylicwifi.com/en/blog/hidden-ssid-wifi-how-to-know-name-of-network-without-ssid/) (e.g. with [Kismet](https://www.kismetwireless.net/)). See, [how to hide SSID](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655) **Disable WPS** | Optional | Wi-FI Protected Setup provides an easier method to connect, without entering a long WiFi password, it often involves a physical button on your router, entering an 8-digit PIN, or tapping an NFC. It may be convenient, but WPS introduces a series of [major security issues](https://www.computerworld.com/article/2476114/the-woops-of-wps--wi-fi-protected-setup--raises-its-ugly-head-again.html), allowing an attacker to bypass the password, and gain easy access into your network. See, [how to disable WPS](https://www.howtogeek.com/176124/wi-fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it/) -**Disable UPnP** | Optional | Universal Plug and Play allows applications to automatically forward a port on your router, saving you the hassle of forwarding ports manually. However, it has a long history of [serous security issues](https://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/), and so it is recommended to turn this feature off. See, [how to disable UPnP](https://lifehacker.com/disable-upnp-on-your-wireless-router-already-1844012366) +**Disable UPnP** | Optional | Universal Plug and Play allows applications to automatically forward a port on your router, saving you the hassle of forwarding ports manually. However, it has a long history of [serious security issues](https://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/), and so it is recommended to turn this feature off. See, [how to disable UPnP](https://lifehacker.com/disable-upnp-on-your-wireless-router-already-1844012366) **Use a Guest Network for Guests** | Optional | Do not grant access to your primary WiFi network to visitors, as it enables them to interact with other devices on the network (such as printers, IoT/ smart home devices, network-attached storage/ servers etc). Even if it is someone you trust, you cannot guarantee that their device has not been compromised in some way. Some routers offer the ability to enable a separate 'guest' network, which provides isolation and is able to expire after a given time frame. For a more comprehensive network, the same outcome can be achieved using [a VLAN and separate access point](http://alduras.com/wp/guest-wifi-network-why-vlans/). See, [how to enable guest network](https://www.lifewire.com/guest-network-for-home-tutorial-818204) **Change your Router's Default IP** | Optional | Modifying your router admin panels default IP address will makes it more difficult for malicious scripts in your web browser targeting local IP addresses, as well as adding an extra step for local network hackers **Kill unused processes and services on your router** | Optional | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service that’s not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface -**Disable UPnP** | Optional | Universal Plug and Play may allow you to save time with Port Forwarding, but it opens doors to many [security risks](https://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/). It can be disabled from your routers admin panel **Don't have Open Ports** | Optional | Close any open ports on your router that are not needed. Open ports provide an easy entrance for hackers. You can use a port scanner (such as [AngryIP](https://angryip.org)), or a [web service](https://www.yougetsignal.com/tools/open-ports/) **Disable Unused Remote Access Protocols** | Optional | When protocols such as PING, Telnet, SSH, UPnP and HNAP etc are enabled, they allow your router to be probed from anywhere in the world, and so should be disabled if not in use. Instead of setting their relevant ports to 'closed', set them to 'stealth' so that no response is given to unsolicited external communications that may come from attackers probing your network **Disable Cloud-Based Management** | Optional | You should treat your routers admin panel with the upmost care, as considerable damage can be caused if an attacker is able to gain access. You should take great care when accessing this page, ensuring you always log out, or considering Incognito mode. Most routers offer a 'remote access' feature, allowing you to access the admin web interface from anywhere in the world, using your username and password. This greatly increases attack surface, and opens your network up to a host of threats, and should therefore be disabled. You could also take it a step further, disable the admin interface over WiFi, meaning the settings can only be modified when using a direct Ethernet connection. Note that disabling cloud management may not be possible on some modern mesh-based routers