When wanting to maximize usage of your precious flash space, it tends to be a better approach, to applying up-to-date OpenWrt firmware and then reinstall your packages instead of only upgrading packages, when expecting larger volumes of upgrades.If you are inexperienced in hardening and firewall and web security, there is no need to worry, OpenWrt is hardened by default in a sufficient way, such that non-experienced muggles can use it right away, without being worried.
Safewell Safe Default After Secure Install Your PackagesThe root account is the default OpenWrt admin account on your device. This page also contains some general information about security of OpenWrt and what you should do in general, to keep your router in a properly secured state. Safewell Safe Default After Secure Password On TheTo initially set (or later on change) the root admin account password on the web admin GUI, goto Menu SystemAdminstration. Alternatively, on the commandline use passwd to set a password. Do what every major company does with the root accounts of their Linux servers. Congratulations that you do not have to share precious bandwidth with others, but you still need to set a root password. Because any web site you call from a browser in your home network (e.g. GUI of your OpenWrt device, without you noticing it and then do evil things there. If no root password is set, such malicious sites could manipulate your OpenWrt device in a way that you wont like. Automatic scanners of evil fources and script kids will find any open port on your WAN side sometimes within minutes and will then run extensive intrusion software suits on such open ports, probing a lot of attack vectors without any manual effort. The Internet is permanently being scanned for careless people. Before blindly following these practices, check first, if any server connection problems are due to a double NAT situation of cascaded routers at your home. If you have already performed various firewall changes on your OpenWrt device and now lost overview of your custom rules, you can always reset all your OpenWrt settings back to the to the initial default (see trouble shooting section). Did you notice that even OpenWrt firmware gets updated from time to time. As with your former vendor firmware, you should check regularly, whether OpenWrt has released new firmware and apply these updates to your device. ![]() As with the firmware you should also keep an eye on the custom packages you install. Not all security problems of those packages get addressed by OpenWrt system upgrades, but instead require you to manually upgrade the packages as well. If you are using custom packages, you should run a opkg update;opkg list-upgradable from time to time. This shows your installed packages that have available updates. ![]() Note that not every listed package upgrade is due to security issues, it can also be a harmless bug fix or feature extension. An update will continue to use your existing service configuration, but for critical OpenWrt environments, a manual config backup never hurts as safety precaution before upgrading packages. Safewell Safe Default After Secure Plus A DifferentialNote: OpenWrt uses a read-only root file system plus a differential extension partition for all package installs and upgrades.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |