Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Closing Port 161 (snmp) on Netgear DG834G to Pass SecurityMetrics Test

Posted on 2013-02-06
12
904 Views
Last Modified: 2013-02-17
I have a customer that accepts payments in his Diy shop by credit card. I am assuming
he has changed bank or something or has changed to a new system. In the shop there
is a Pc running Windows XP Pro with some other Epos software which downloads
transactions via the Netgear DG834G Router. I originally set up up the router and have
been contacted by the owner to say that SecurityMetrics which I assume on behalf of the
bank have said that system is not compliant and that Port 161 (snmp) needs closing.

 I have attempted to do this on the Netgear (See Attached) but don't know if this correct or not. The screenshot is from a test Pc not the one onsite. Where else should I be looking?



Thanks
ScreenShot019.bmp
0
Comment
Question by:floyd197
  • 6
  • 4
  • 2
12 Comments
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38861230
That looks correct - did you cycle the power on the router when you were done?  

Here is a good video tutorial on forwarding and blocking ports in the Netgear router:  http://www.youtube.com/watch?v=wzJMQFEl-y4
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 38861861
Blocking SNMP should not normally present any problems.

It is used by printer management software to get page counts, errors, and other information from the printer. Some drivers use it for the same kind of checks. The Add Printer wizard also uses it to determine what port to create for the printer (if it gets no reply it lets the user decide). If necessary disable SNMP under the Ports tab in the printer's driver.
0
 

Author Comment

by:floyd197
ID: 38879610
Any more thoughts,
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38881532
Netgear has a specific setting for SNMP remote management - you should be able to disable this in the menu.  

http://documentation.netgear.com/wg102/enu/202-10144-01/WG102-5-12.html
0
 

Author Comment

by:floyd197
ID: 38881829
Thanks but it is a DG834G and does not appear to have a setting like that.
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 38882581
Do you have any problems after blocking SNMP?
0
 

Author Comment

by:floyd197
ID: 38883621
No don't appear to be. It is all do with the Security Metrics test saying that snmp is open. I
have also learned that this router passed these tests in September, nothing has changed
but now it fails. Unsure where else I can check to ensure that this port is closed.

Thanks
0
 

Author Comment

by:floyd197
ID: 38889683
Seem to be nearing a solution. But now need to to the following things.

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings" Unsure exactly how to go about this.

Thanks
0
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 38889870
I know you can configure the Remote Management to port 8080 but I do not see anyway to force it to require https

From the manual:

Configuring Remote Management

1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.

2. From the Advanced section of the main menu, select the Remote Management link.

3. Select the Turn Remote Management On check box.

4. Specify what external addresses will be allowed to access the router’s remote management.

For security, restrict access to as few external IP addresses as practical:

• To allow access from any IP address on the Internet, select Everyone.

• To allow access from a range of IP addresses on the Internet, select IP address range.

Enter a beginning and ending IP address to define the allowed range.

• To allow access from a single IP address on the Internet, select Only this Computer.

Enter the IP address that will be allowed access.

5. Specify the Port Number that will be used for accessing the management interface.

Web browser access normally uses the standard HTTP service port 80. For greater security,
you can change the remote management Web interface to a custom port by entering that
number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.

6. Click Apply to have your changes take effect.

When accessing your router from the Internet, you will type your router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter in your browser:

http://134.177.0.123:8080

Note: In this case, the http:// must be included in the address.

If you do not have one, you can download a manual here:

http://kbserver.netgear.com/pdf/dg834g_dg834gb_ref_manual_03Jun05.pdf

Hope this helps!
0
 

Author Comment

by:floyd197
ID: 38889917
That's what I thought. I haven't been sent much information to go on to be honest
but here is the email in full.

I have just spoken to Security Metrics and it has failed the scan but it should be an easy fix. He said it's easy and below are his words

"Login on port 8080 needs to be over HTTPS only. This can be found within the Netgear settings"

Would disabling the remote management work instead.

Thanks
0
 
LVL 14

Accepted Solution

by:
Michael Dyer earned 500 total points
ID: 38890013
I would think disabling the remote management would indeed resolve that issue with the Security Metrics scan.
0
 

Author Comment

by:floyd197
ID: 38899596
Now passed the tests. Looks like the main problem was they were scanning the wrong IP address. Once they'd changed to the correct one and remote management was turned
off all tests were passed.

Thanks
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question