Solved

Closing Port 161 (snmp) on Netgear DG834G to Pass SecurityMetrics Test

Posted on 2013-02-06
12
871 Views
Last Modified: 2013-02-17
I have a customer that accepts payments in his Diy shop by credit card. I am assuming
he has changed bank or something or has changed to a new system. In the shop there
is a Pc running Windows XP Pro with some other Epos software which downloads
transactions via the Netgear DG834G Router. I originally set up up the router and have
been contacted by the owner to say that SecurityMetrics which I assume on behalf of the
bank have said that system is not compliant and that Port 161 (snmp) needs closing.

 I have attempted to do this on the Netgear (See Attached) but don't know if this correct or not. The screenshot is from a test Pc not the one onsite. Where else should I be looking?



Thanks
ScreenShot019.bmp
0
Comment
Question by:floyd197
  • 6
  • 4
  • 2
12 Comments
 
LVL 14

Expert Comment

by:Michael Dyer
Comment Utility
That looks correct - did you cycle the power on the router when you were done?  

Here is a good video tutorial on forwarding and blocking ports in the Netgear router:  http://www.youtube.com/watch?v=wzJMQFEl-y4
0
 
LVL 38

Expert Comment

by:Herman D'Hondt
Comment Utility
Blocking SNMP should not normally present any problems.

It is used by printer management software to get page counts, errors, and other information from the printer. Some drivers use it for the same kind of checks. The Add Printer wizard also uses it to determine what port to create for the printer (if it gets no reply it lets the user decide). If necessary disable SNMP under the Ports tab in the printer's driver.
0
 

Author Comment

by:floyd197
Comment Utility
Any more thoughts,
0
 
LVL 14

Expert Comment

by:Michael Dyer
Comment Utility
Netgear has a specific setting for SNMP remote management - you should be able to disable this in the menu.  

http://documentation.netgear.com/wg102/enu/202-10144-01/WG102-5-12.html
0
 

Author Comment

by:floyd197
Comment Utility
Thanks but it is a DG834G and does not appear to have a setting like that.
0
 
LVL 38

Expert Comment

by:Herman D'Hondt
Comment Utility
Do you have any problems after blocking SNMP?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:floyd197
Comment Utility
No don't appear to be. It is all do with the Security Metrics test saying that snmp is open. I
have also learned that this router passed these tests in September, nothing has changed
but now it fails. Unsure where else I can check to ensure that this port is closed.

Thanks
0
 

Author Comment

by:floyd197
Comment Utility
Seem to be nearing a solution. But now need to to the following things.

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings" Unsure exactly how to go about this.

Thanks
0
 
LVL 14

Expert Comment

by:Michael Dyer
Comment Utility
I know you can configure the Remote Management to port 8080 but I do not see anyway to force it to require https

From the manual:

Configuring Remote Management

1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.

2. From the Advanced section of the main menu, select the Remote Management link.

3. Select the Turn Remote Management On check box.

4. Specify what external addresses will be allowed to access the router’s remote management.

For security, restrict access to as few external IP addresses as practical:

• To allow access from any IP address on the Internet, select Everyone.

• To allow access from a range of IP addresses on the Internet, select IP address range.

Enter a beginning and ending IP address to define the allowed range.

• To allow access from a single IP address on the Internet, select Only this Computer.

Enter the IP address that will be allowed access.

5. Specify the Port Number that will be used for accessing the management interface.

Web browser access normally uses the standard HTTP service port 80. For greater security,
you can change the remote management Web interface to a custom port by entering that
number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.

6. Click Apply to have your changes take effect.

When accessing your router from the Internet, you will type your router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter in your browser:

http://134.177.0.123:8080

Note: In this case, the http:// must be included in the address.

If you do not have one, you can download a manual here:

http://kbserver.netgear.com/pdf/dg834g_dg834gb_ref_manual_03Jun05.pdf

Hope this helps!
0
 

Author Comment

by:floyd197
Comment Utility
That's what I thought. I haven't been sent much information to go on to be honest
but here is the email in full.

I have just spoken to Security Metrics and it has failed the scan but it should be an easy fix. He said it's easy and below are his words

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings"

Would disabling the remote management work instead.

Thanks
0
 
LVL 14

Accepted Solution

by:
Michael Dyer earned 500 total points
Comment Utility
I would think disabling the remote management would indeed resolve that issue with the Security Metrics scan.
0
 

Author Comment

by:floyd197
Comment Utility
Now passed the tests. Looks like the main problem was they were scanning the wrong IP address. Once they'd changed to the correct one and remote management was turned
off all tests were passed.

Thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now