Security Reminder


This is a reminder that if you have not yet already done so, check that you have looked at improving security on your DrayTek routers. There may be routers installed at customer sites still using SSH and HTTP for remote access that are vulnerable to attacks from Hackers. Steps to improve security are:

  1. Use the latest firmware since this will include the latest security patches.
  2. Use a strong password for admin login and all VPN profiles. Change the password often.
  3. Disable any services and VPN profiles unnecessary, e.g., OpenVPN, PPTP VPN, or remote management (Web, SNMP, telnet, SSH, FTP) from WAN. If the service is turned on, enable ACL or 2FA or specify the VPN peer IP to restrict access.
  4. Enable Brute Force Protection in Management setup page.
  5. Record Syslog and setup VPN/login Mail Alerts, and review the logs periodically. When abnormal attack events are observed, enable DoS Defense and block these IP addresses using the Blacklist function.
  6. Resign and Change the default security certificates for SSL or HTTPS access.
  7. Consider using a VPN protocol with higher security, such as IPsec X.509 for LAN to LAN, SSL+ mOTP for host to LAN VPN connections

Additional information is available in the following knowledge base articles:

  1. 1. How to use Digital Signature (X.509) to authenticate a LAN-to-LAN IPsec VPN between Vigor routers:
    https://www.draytek.com/support/knowledge-base/6111
    2. Dial VPN with mOTP authentication using Windows Smart VPN Client:
    https://www.draytek.com/support/knowledge-base/5426
    Use 2-Step Authentication for Remote Access:
    https://www.draytek.com/support/knowledge-base/5172
    4. Ways to Improve Network Security:
    https://www.draytek.com/support/knowledge-base/5465#drayos
    5. How to block an unknown IP address which keeps dialling VPN to Vigor Router
    https://www.draytek.com/support/knowledge-base/5982

 


Latest Firmware


 

Vigor2962 V4.3.2.4
Improvements

  • Improved web GUI security
  • Support the character “-” at the recipient number of Applications >>> SMS/Mail alert service
  • Fixed: Unstable throughput
  • Fixed: Failure to configure failover WAN successfully

For the complete list of improvements refer to the release notes in the firmware download link.
Click here to download firmware.


 

Vigor3910 V4.3.2.4
Improvements

  • Improved web GUI security
  • Add a new menu item, LAN>>Wired 802.1x
  •  Support a new switch IC (GPY211C0VC)
  • Support the character “-” at the recipient number of Applications >>> SMS/Mail alert service.
  • Fixed: IPsec MultiSA VPN dial-up delay
  • Fixed: VPN remote dial-in client could not access the Local server using the WAN Alias IP

For the complete list of improvements refer to the release notes in the firmware download link.
Click here to download firmware.



Vigor167 V5.2.2
Improvements

  • Send sync status syslog messages less frequently
  • Add an option of Specify DNS to use the ISP-issued DNS server
  • Display ISP issued DNS server and PPPoE status messages on WAN Status page
  • Fixed: DSL 35b synchronizing with reduced speed
  • Fixed: Spelling error in LAN>>IPv6>>Router Advertisement Configuration menu

Click here to download firmware.