?
Solved

Closing Port 161 (snmp) on Netgear DG834G to Pass SecurityMetrics Test

Posted on 2013-02-06
12
Medium Priority
?
930 Views
Last Modified: 2013-02-17
I have a customer that accepts payments in his Diy shop by credit card. I am assuming
he has changed bank or something or has changed to a new system. In the shop there
is a Pc running Windows XP Pro with some other Epos software which downloads
transactions via the Netgear DG834G Router. I originally set up up the router and have
been contacted by the owner to say that SecurityMetrics which I assume on behalf of the
bank have said that system is not compliant and that Port 161 (snmp) needs closing.

 I have attempted to do this on the Netgear (See Attached) but don't know if this correct or not. The screenshot is from a test Pc not the one onsite. Where else should I be looking?



Thanks
ScreenShot019.bmp
0
Comment
Question by:floyd197
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38861230
That looks correct - did you cycle the power on the router when you were done?  

Here is a good video tutorial on forwarding and blocking ports in the Netgear router:  http://www.youtube.com/watch?v=wzJMQFEl-y4
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 38861861
Blocking SNMP should not normally present any problems.

It is used by printer management software to get page counts, errors, and other information from the printer. Some drivers use it for the same kind of checks. The Add Printer wizard also uses it to determine what port to create for the printer (if it gets no reply it lets the user decide). If necessary disable SNMP under the Ports tab in the printer's driver.
0
 

Author Comment

by:floyd197
ID: 38879610
Any more thoughts,
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38881532
Netgear has a specific setting for SNMP remote management - you should be able to disable this in the menu.  

http://documentation.netgear.com/wg102/enu/202-10144-01/WG102-5-12.html
0
 

Author Comment

by:floyd197
ID: 38881829
Thanks but it is a DG834G and does not appear to have a setting like that.
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 38882581
Do you have any problems after blocking SNMP?
0
 

Author Comment

by:floyd197
ID: 38883621
No don't appear to be. It is all do with the Security Metrics test saying that snmp is open. I
have also learned that this router passed these tests in September, nothing has changed
but now it fails. Unsure where else I can check to ensure that this port is closed.

Thanks
0
 

Author Comment

by:floyd197
ID: 38889683
Seem to be nearing a solution. But now need to to the following things.

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings" Unsure exactly how to go about this.

Thanks
0
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38889870
I know you can configure the Remote Management to port 8080 but I do not see anyway to force it to require https

From the manual:

Configuring Remote Management

1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.

2. From the Advanced section of the main menu, select the Remote Management link.

3. Select the Turn Remote Management On check box.

4. Specify what external addresses will be allowed to access the router’s remote management.

For security, restrict access to as few external IP addresses as practical:

• To allow access from any IP address on the Internet, select Everyone.

• To allow access from a range of IP addresses on the Internet, select IP address range.

Enter a beginning and ending IP address to define the allowed range.

• To allow access from a single IP address on the Internet, select Only this Computer.

Enter the IP address that will be allowed access.

5. Specify the Port Number that will be used for accessing the management interface.

Web browser access normally uses the standard HTTP service port 80. For greater security,
you can change the remote management Web interface to a custom port by entering that
number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.

6. Click Apply to have your changes take effect.

When accessing your router from the Internet, you will type your router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter in your browser:

http://134.177.0.123:8080

Note: In this case, the http:// must be included in the address.

If you do not have one, you can download a manual here:

http://kbserver.netgear.com/pdf/dg834g_dg834gb_ref_manual_03Jun05.pdf

Hope this helps!
0
 

Author Comment

by:floyd197
ID: 38889917
That's what I thought. I haven't been sent much information to go on to be honest
but here is the email in full.

I have just spoken to Security Metrics and it has failed the scan but it should be an easy fix. He said it's easy and below are his words

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings"

Would disabling the remote management work instead.

Thanks
0
 
LVL 14

Accepted Solution

by:
Michael Dyer earned 1500 total points
ID: 38890013
I would think disabling the remote management would indeed resolve that issue with the Security Metrics scan.
0
 

Author Comment

by:floyd197
ID: 38899596
Now passed the tests. Looks like the main problem was they were scanning the wrong IP address. Once they'd changed to the correct one and remote management was turned
off all tests were passed.

Thanks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Suggested Courses
Course of the Month10 days, 20 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question