Webui on untrust interface



  • Is it considered bad form to leave any type of management ability left open on an untrusted interface? I can see it being a vulnerable point of attack.



  • People do manage the device from Internet as well, better option will be to do below

    1. Define a manage-ip, which should not be the actual external interface ip, so that it is not that easy to guess your management ip.
    2. Define manager-ip, the specfic ip’s from where you want your device to be managed.
    3. Change the default management port from 80/22/23 to some 8888/2222/2323.
    4. Keep some real hard passwords to be safe from Brute Force.

 

26
Online

38.4k
Users

12.7k
Topics

44.5k
Posts