How to mitigate the threat of the security incident
Zyxel Employee
- Change the admin-type accounts' password
- If you allow traffic from Internet to your device with WebGUI and SSL VPN tunnel, you can follow these steps to protect your device.
1. Add IP address object(s) to trusted addresses or trusted countries. Configuration > Object > Address/GeoIP
2. Allow trusted IP addresses and Deny others traffic from Internet Configuration > Security Policy > Policy Control
Rule #1. You can allow trusted IP addresses and WebGUI/SSL service ports from WAN side for access.
Rule #2. Deny other IP addresses that you do not trust to access your WebGUI.
3. Change HTTPS connection port from the default 443 to another port (without conflicting with other services) and make sure that this port is added in policy control rule #1. Configuration > System > WWW. Change HTTPS connection port. e.g 17443
After changing HTTPS Service port, you must reconnect to your device using the new port. If you would like to use SSL VPN tunnel to access your device, make sure that the public IP address of your PC is added in your Trusted IP List. While connecting to your device, make sure to enter the correct port in SecuExtender.
- If there is no WebGUI/SSL VPN tunnel required, you can move the default rule (WAN_to_Device) as the first rule and keep the last rule as “deny”.
(Allowed services are for IPSec VPN/VRRP/GRE)
Make sure there is no HTTP/HTTPS WebGUI service port in service group.
Categories
- 8.5K All Categories
- 1.6K Nebula
- 72 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 227 Security Ideas
- 985 Switch
- 46 Switch Ideas
- 883 WirelessLAN
- 24 WLAN Ideas
- 5.2K Consumer Product
- 158 Service & License
- 280 News and Release
- 61 Security Advisories
- 13 Education Center
- 581 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 75 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 62 About Community
- 46 Security Highlight