How to additionally secure your SMSEagle

SMSEagle devices are designed to meet the highest security standards in application design and operating system security. The default device settings strike a balance between flexibility and security. However, if you would like to strengthen the default configuration with additional security-oriented measures, here is what you can do:

  1. Change default passwords (for webGUI and SSH console)!
  2. Replace the default self-signed SSL certificate with your own SSL certificate (or install a Let's Encrypt certificate).
  3. Redirect HTTP traffic to HTTPS.
  4. Always use SSL/TLS encryption in features such as Email2SMS Poller, SMS To Email and LDAP.
  5. Disable external access to the database (webGUI > menu Settings > parameter "Access to DB for external applications"). This is disabled by default since software version 3.5.
  6. Use an API token as the API authentication method.
  7. Change the default SNMP community name (webGUI > menu Settings).

Some possible additional steps:

  1. Configure Linux iptables to allow access only from a specified IP range.
  2. Configure your device to use SNMPv3 instead of v1 or v2 (see the corresponding chapter in the User's Manual for how to switch).
  3. You can also harden HTTPS security by editing the webserver configuration and using your own SSL cipher suites/protocols.
  4. Minimize the information in the modem log.
  5. Follow this guide if you need to completely block incoming messages.
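
One way to build the allowlist from step 1 of the additional steps, as an added example that is not SMSEagle's own code: the script prints an `iptables-restore` ruleset that accepts management traffic only from one IPv4 range. The range `192.0.2.0/24` and the port list (SSH 22, HTTP 80, HTTPS 443, SNMP 161/udp) are assumptions; adjust them to the services your device exposes.

```shell
#!/bin/sh
# Added example (not vendor code): print an iptables-restore ruleset that
# limits management access to one IPv4 range. Ports below are assumptions.
MGMT_TCP_PORTS="22,80,443"   # assumed: SSH, HTTP (redirects to HTTPS), HTTPS
MGMT_UDP_PORTS="161"         # assumed: SNMP agent

# Return 0 only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    # Reject stray characters and empty octets before splitting on dots.
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset for management range $1. Inbound is default-deny, so
# anything not listed (ICMP echo included) is dropped; outbound is untouched.
build_rules() {
    valid_cidr "$1" || { echo "invalid IPv4 CIDR: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p tcp -m multiport --dports $MGMT_TCP_PORTS -j ACCEPT
-A INPUT -s $1 -p udp -m multiport --dports $MGMT_UDP_PORTS -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh script.sh 192.0.2.0/24
if [ "$#" -gt 0 ]; then build_rules "$1"; fi
```

Check the output with `iptables-restore --test` before loading it, and load it from a session inside the allowed range so the new rules do not cut off your own access.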

 
