Solved

Closing Port 161 (snmp) on Netgear DG834G to Pass SecurityMetrics Test

Posted on 2013-02-06
12
912 Views
Last Modified: 2013-02-17
I have a customer that accepts payments in his Diy shop by credit card. I am assuming
he has changed bank or something or has changed to a new system. In the shop there
is a Pc running Windows XP Pro with some other Epos software which downloads
transactions via the Netgear DG834G Router. I originally set up up the router and have
been contacted by the owner to say that SecurityMetrics which I assume on behalf of the
bank have said that system is not compliant and that Port 161 (snmp) needs closing.

 I have attempted to do this on the Netgear (See Attached) but don't know if this correct or not. The screenshot is from a test Pc not the one onsite. Where else should I be looking?



Thanks
ScreenShot019.bmp
0
Comment
Question by:floyd197
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38861230
That looks correct - did you cycle the power on the router when you were done?  

Here is a good video tutorial on forwarding and blocking ports in the Netgear router:  http://www.youtube.com/watch?v=wzJMQFEl-y4
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 38861861
Blocking SNMP should not normally present any problems.

It is used by printer management software to get page counts, errors, and other information from the printer. Some drivers use it for the same kind of checks. The Add Printer wizard also uses it to determine what port to create for the printer (if it gets no reply it lets the user decide). If necessary disable SNMP under the Ports tab in the printer's driver.
0
 

Author Comment

by:floyd197
ID: 38879610
Any more thoughts,
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38881532
Netgear has a specific setting for SNMP remote management - you should be able to disable this in the menu.  

http://documentation.netgear.com/wg102/enu/202-10144-01/WG102-5-12.html
0
 

Author Comment

by:floyd197
ID: 38881829
Thanks but it is a DG834G and does not appear to have a setting like that.
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 38882581
Do you have any problems after blocking SNMP?
0
 

Author Comment

by:floyd197
ID: 38883621
No don't appear to be. It is all do with the Security Metrics test saying that snmp is open. I
have also learned that this router passed these tests in September, nothing has changed
but now it fails. Unsure where else I can check to ensure that this port is closed.

Thanks
0
 

Author Comment

by:floyd197
ID: 38889683
Seem to be nearing a solution. But now need to to the following things.

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings" Unsure exactly how to go about this.

Thanks
0
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38889870
I know you can configure the Remote Management to port 8080 but I do not see anyway to force it to require https

From the manual:

Configuring Remote Management

1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.

2. From the Advanced section of the main menu, select the Remote Management link.

3. Select the Turn Remote Management On check box.

4. Specify what external addresses will be allowed to access the router’s remote management.

For security, restrict access to as few external IP addresses as practical:

• To allow access from any IP address on the Internet, select Everyone.

• To allow access from a range of IP addresses on the Internet, select IP address range.

Enter a beginning and ending IP address to define the allowed range.

• To allow access from a single IP address on the Internet, select Only this Computer.

Enter the IP address that will be allowed access.

5. Specify the Port Number that will be used for accessing the management interface.

Web browser access normally uses the standard HTTP service port 80. For greater security,
you can change the remote management Web interface to a custom port by entering that
number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.

6. Click Apply to have your changes take effect.

When accessing your router from the Internet, you will type your router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter in your browser:

http://134.177.0.123:8080

Note: In this case, the http:// must be included in the address.

If you do not have one, you can download a manual here:

http://kbserver.netgear.com/pdf/dg834g_dg834gb_ref_manual_03Jun05.pdf

Hope this helps!
0
 

Author Comment

by:floyd197
ID: 38889917
That's what I thought. I haven't been sent much information to go on to be honest
but here is the email in full.

I have just spoken to Security Metrics and it has failed the scan but it should be an easy fix. He said it's easy and below are his words

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings"

Would disabling the remote management work instead.

Thanks
0
 
LVL 14

Accepted Solution

by:
Michael Dyer earned 500 total points
ID: 38890013
I would think disabling the remote management would indeed resolve that issue with the Security Metrics scan.
0
 

Author Comment

by:floyd197
ID: 38899596
Now passed the tests. Looks like the main problem was they were scanning the wrong IP address. Once they'd changed to the correct one and remote management was turned
off all tests were passed.

Thanks
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question