When initially setting up an Exinda, there are certain basic steps that should be taken in order to secure the device from the outside world and potential attacks. This article explains these best practices.
Network security (and Information Security in general) is an important field in all devices on a network, whether they are routers, switches, or networked PCs/servers. As the Exinda deals with sensitive information (packet inspection, usernames, subnet information), security is of the utmost importance. Making sure that unauthorized people cannot access the Exinda or attack it in order to bring it down is something that should be considered once the device has been set up and is online.
The four basic things that should be done during or after planning an Exinda installation are as follows:
- Change the Admin password.
- Place the device behind a firewall.
- Restrict Secure Shell (SSH) access (or change the SSH port).
- Give the Exinda a private IP.
Changing the Admin Password
- Go to Configuration > System > Authentication, then to the "Local Users" tab.
- Under the "Change Password" box, ensure that 'admin' is the user selected and type in a new password.
- Confirm the password by retyping it.
- Click 'Change Password'. This will update the admin password to something other than the default.
Changing SSH Port
This is done through the CLI by inputting executing the following commands:
ssh server ports [portnumber]
Restricting SSH Access
- Go to Configuration > System > Setup > "Access" tab.
- Under the "SSH" box, to turn SSH off entirely, make sure that the "SSH Enabled" checkbox is unchecked.
- If keeping SSH turned on, ensure that it is using SSHv2 only (SSHv1 is for legacy purposes and is more insecure).
- Click 'Apply Changes' to add this, and save your configuration.