Any router security experts here?

ygravel001
ygravel001 Posts: 27 ✭✭
Hi there,
I’m loving the Fizz Route/Modem so far, but I do have a couple of issues/questions.
1- I use a custom port for Remote Desktop. If I turn on the Firewall to its maximum setting, it will block my port, so is there any way to allow it somewhere in the firewall?
2- The ShieldsUP test on GRC.com shows 4 common ports to be “Closed” instead of “Stealth” (22, 23, 80, 443). With other routers, I use to forward these ports to a non-exiting IP in my LAN and that solved the issue, but it doesn’t seem to work here, is there anything special I should do here?
Thank you

Answers

  • hc0468
    hc0468 Posts: 168 ✭✭
    +1 for your concern about good security configuration and for using the tools at grc.com !

    Unfortunately I don't have an answer to your questions with the CODA-4680 modem router, since I use it only as a modem in bridge mode.

    The general recommendation for the least hassle and best stability is to use your own modem.
  • ygravel001
    ygravel001 Posts: 27 ✭✭
    I see, well thanks for the reply anyway. Been using GRC since 2003, test it every time I get a new router.
  • samisheikh
    samisheikh Posts: 192 ✭✭
    While I don't trust the Modem's firewall, a friend of mine got brute forced in and crypto'd whilst using the modem firewall. I would recommend you use a router which has layer 7 FW capabilities or DPI. He also has two other routers which have DPI, DDOS protection as well as IPS. There is always a risk when you expose one of your internal computers to the outside. A general rule of thumb is to use non standard port when doing port forwarding and map it to a standardized port internally(I.E. 57083-->3389).
    That being said, maximum settings in the modem will block all ingress connections except for dynamic ports created by TCP. Are you using SSH, Telnet, HTTP, and HTTPS in your internal network?
  • Thanh S.
    Thanh S. Posts: 360 ✭✭
    Not me, unfortunately.
  • Mike
    Mike Posts: 21,680 ✭✭
    Port knocking and 2fa are not bad and cheap
This discussion has been closed.