How can we help?

How to additionally secure your SMSEagle

Follow

SMSEagle devices are designed to achieve highest security standards in terms of application design and operating system security. A default device settings allow you to keep a balance between flexibility and security. However, if you would like to strengthen your default configuration with additional security-oriented measures, here is what you may do:

  1. Change default passwords (for webGUI and SSH console)!
  2. Replace default self-signed SSL certificate with your own SSL certificate (or install Let's encrypt certificate).
  3. Redirect HTTP traffic to HTTPS
  4. In features (like Email2SMS Poller, SMS To Email, LDAP) always use SSL/TLS encryption
  5. Disable external access to the database (webGUI > menu Settings > parameter "Access to DB for external applications"). This is disabled by default since software version 3.5.
  6. Use API token as API Authentication method.
  7. Disable SNMP or change default SNMP community name (webGUI > menu Settings > SNMP)
  8. If your device is capable to connect to update servers, regularly update system packages

 

Some possible additional steps:

  1. Configure Linux iptables to allow access only from a specified IP range.
  2. Configure your device to use SNMPv3 instead of v1 or v2 (see corresponding chapter in User's Manual how to switch)
  3. You can also harden the HTTPS security by editing webserver configuration and using your own SSL ciphers suite/protocols.
  4. Minimize information in a modem log.
  5. By default intrusion prevention software Fail2ban protects your device from brute-force attacks. You may additionally harden fail2ban ruleset.
  6. Follow this guide to completely block incoming messages
  7. Follow this guide to limit incoming SMS to specific numbers

 

Was this article helpful?
1 out of 2 found this helpful