Basics
Introduction
Upgrade router firmware
Protect router management
Turn it off
Port forwarding
Services audit
Questions
Disable services when not needed
OpenWRT
Introduction
Flash router with other firmware
DD-WRT
OpenWrt
Example: Flashing a TL-WR841N(D)
DropBear SSH public key authentication
Running SSH on another port
Whitelisting IP’s
Nethogs
Portknocking
Resources
Wireless
Introduction
Reduce wireless signal strength
Change router defaults
Disable SSID broadcasting
Enable encryption
Use the strongest encryption protocol available
Notes on WPS
Check for WPS
Warnings
Unauthorised devices
Restrict by MAC address
Use certificate-based security
Intranet
Introduction
Add a NAT router
Take control of the Internal NAT router
LAN segmentation
ARP
Spoofing
DNS
Cache poisoning
NFTables
Snort box
Internet
Introduction
BGP hijacking mitigations
Certificate validation
Network mitigations
Ty Myrddin Home
Unseen University
Improbability Blog
About
Contact
Introduction
BGP hijacking
Certificate validation