Jump to content
Posted 20 July 2017 - 06:50 PM
Posted 23 July 2017 - 11:08 AM
Well, let me give a few comments for you here.
Automatic firmware updates or at least notifications: Most modern routers have this ability to auto update or notify you by email when updates are available you simply have to enable this feature within the router.
No WPS: WPS or WIFI Protected Setup requires that someone have access to the router to get the pin number on the router or push the WPS button to establish a connection to the network. So my question is the router going to be located in a public area, a secured one, or put out of sight to where you can still receive a good signal. For example mounted within a modular ceiling out of sight of public view. But access if a ladder is available and you removing some ceiling tiles.
Guest network ability: Wifi Routers today are Dualband Routers that have the ability to configure a Guest Network this is not an issue.
Firmware rollback option: With this, you would have to get with support from the Router Manufacturer to see if the model of router you have supports rolling back to an earlier firmware version.
Able to disable remote admin access - ethernet only access: Remote Administration of the router from outside your network would require the feature be enabled. Also, you likely would have to enable Dynamic DNS unless you have a Static IP Address. Which would be plausible if you have business class internet. Your ISP would issue you a block of Static IPs. Now, this is not saying you cannot Remotely Admin the router securely you can, You simply have to enable HTTPS under the Remote Admin Feature. But So if you don't wish to remotely admin your router away from your business network, don't enable this feature.
Administering the router from local business network whether thru ethernet or wifi would require the routers IP Address and the Admin Password. Depending on the model of router an Access Control List of authorized computers can access the Admin Page. This can be accomplished by enabling the ACL and putting in an IP Address of the authorized system or Mac Address.
Can disable (or stealth) PING, Telnet, SSH, UPnP, and HNAP: In most routers today you can disable PING or ICMP requests by shutting off the feature. Telnet and SSH are ports that have to be opened and forwarded on the router. These ports are closed by default on all routers. UPnP is a feature you can enable and disable within most routers by going into the settings, same with HNAP.
OpenDNS: OpenDNS is a very good content filtering service. All that's required here is to configure the router to use OpenDNS's dns servers for dns forwarding requests easy peasy. Wonderful service does an outstanding job
VPN: Now the question here is are you trying to establish a VPN Gateway for remote workers? Or are you trying to establish a Site to Site VPN with a branch office? Also what type of VPN will it be IPSEC, PPTP, L2TP what?
Edited by arlattimor, 23 July 2017 - 11:09 AM.
CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST
Network Security Engineer
0 members, 0 guests, 0 anonymous users