Security Update


Due to recent events in which cyber attackers have tried to gain access to systems protected by DrayTek routers, DrayTek R&D have enhanced the security features in the latest firmware release. Improvements include router WebGUI security. The new firmware is now available for the Vigor3910 and Vigor2962 (version 3.9.6.3) and is listed as a critical update.

Below are some tips to improve security on your network:
1. Use the latest firmware release, as it includes the latest security patches.
2. Use a strong password for admin login and all VPN profiles. Change the password often.
3. Disable any unnecessary services and VPN profiles, e.g., OpenVPN, PPTP VPN, or remote management (Web, SNMP, telnet, SSH, FTP) from WAN.
If these services are enabled, ensure that you use an ACL or 2FA, or specify the VPN peer IP, to restrict access.
4. Enable Brute Force Protection on the Management setup page.
5. Record Syslog and set up VPN/login Mail Alerts, and review the logs periodically.
When abnormal attack events are observed, enable DoS Defense and block those IPs by using the Blacklist.
6. Re-sign and change the default security certificates for SSL or HTTPS access.
7. Consider using VPN protocols with higher security, such as IPsec X.509 for LAN to LAN and SSL+mOTP for host to LAN connections.
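
The periodic log review in tip 5 can be scripted on the syslog server. The following is an added example, not DrayTek code: it counts failed logins per source IP in a sliding time window and returns the addresses worth reviewing for the Blacklist. The log layout, field names, thresholds and the function name are assumptions; adapt the regular expression to the lines your syslog server actually receives from the router.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an ASSUMED layout (not DrayTek's real syslog format).
SAMPLE_LOG = """\
2024-01-10T02:14:01 router auth service=web user=admin src=203.0.113.7 result=fail
2024-01-10T02:14:09 router auth service=web user=admin src=203.0.113.7 result=fail
2024-01-10T02:14:20 router auth service=ssl-vpn user=root src=203.0.113.7 result=fail
2024-01-10T02:15:02 router auth service=ssl-vpn user=test src=203.0.113.7 result=fail
2024-01-10T02:15:40 router auth service=web user=admin src=203.0.113.7 result=fail
2024-01-10T08:00:00 router auth service=web user=admin src=192.0.2.10 result=fail
2024-01-10T08:00:30 router auth service=web user=admin src=192.0.2.10 result=ok
2024-01-10T09:00:00 router auth service=ssl-vpn user=bob src=198.51.100.23 result=fail
2024-01-10T11:00:00 router auth service=ssl-vpn user=bob src=198.51.100.23 result=fail
2024-01-10T13:00:00 router auth service=ssl-vpn user=bob src=198.51.100.23 result=fail
garbled line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth service=(?P<svc>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<res>ok|fail)$"
)

def blacklist_candidates(log_text, threshold=5, window=timedelta(minutes=10), allow=()):
    """Return {src_ip: services seen failing} for every source that produced
    at least `threshold` failed logins inside any span of length `window`."""
    fails = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unparseable lines, successful logins and allow-listed peers.
        if not m or m["res"] != "fail" or m["src"] in allow:
            continue
        fails[m["src"]].append((datetime.fromisoformat(m["ts"]), m["svc"]))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge so events[start..end] fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({svc for _, svc in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, services in blacklist_candidates(SAMPLE_LOG).items():
        print(f"review for Blacklist: {ip} (failed on: {', '.join(services)})")
```

Put known VPN peer addresses in `allow` so a mistyped password at a branch office does not end up on the Blacklist.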

Refer to the FAQ articles below for additional information:
1. How to use Digital Signature (X.509) to authenticate a LAN-to-LAN IPsec VPN between Vigor routers:
https://www.draytek.com/support/knowledge-base/6111
2. Dial VPN with mOTP authentication using Windows Smart VPN Client:
https://www.draytek.com/support/knowledge-base/5426
3. Use 2-Step Authentication for Remote Access:
https://www.draytek.com/support/knowledge-base/5172
4. Ways to Improve Network Security:
https://www.draytek.com/support/knowledge-base/5465#drayos
5. How to block an unknown IP address which keeps dialing VPN to Vigor Router?
https://www.draytek.com/support/knowledge-base/5982


Latest Firmware


Vigor3910 v3.9.6.3

Improvement

  • Improve the WebGUI security

It is recommended to change the passwords for admin login and the passwords/PSKs for VPN profiles after upgrading to this firmware. For more details, refer to the release notes in the download link.

Click here to download the firmware.

Vigor2962 v3.9.6.3

Improvement

  • Improve the WebGUI security

It is recommended to change the passwords for admin login and the passwords/PSKs for VPN profiles after upgrading to this firmware. For more details, refer to the release notes in the download link.

Click here to download the firmware.