How to secure your SMSEagle

SMSEagle devices are designed to achieve the highest security standards in terms of application design and operating system security. The default device settings keep a balance between flexibility and security. However, if you would like to strengthen the default configuration with additional security-oriented measures, here is what you can do:

  1. Replace the default self-signed SSL certificate with your own SSL certificate (or install a Let's Encrypt certificate).
  2. Redirect HTTP traffic to HTTPS.
  3. In features such as Email2SMS Poller, SMS To Email and LDAP, always use SSL/TLS encryption.
  4. Disable external access to the database (webGUI > menu Settings > parameter "Access to DB for external applications"). This is disabled by default since software version 3.5.
  5. Use an API token as the API authentication method.

Some possible additional steps:

  1. Configure iptables to allow access only from a specified IP range.
  2. Configure your device to use SNMPv3 instead of v1 or v2 (see the corresponding chapter in the User's Manual for how to switch).
  3. You can also harden HTTPS security by editing the webserver configuration and using your own SSL cipher suites/protocols.
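
For additional step 1, the following added example (not taken from SMSEagle documentation) generates an `iptables-restore` ruleset that admits the web interface and SNMP only from one trusted range. The range `192.0.2.0/24`, the default service list (80/tcp, 443/tcp, 161/udp) and the function names are assumptions; adjust them to the services you actually use.

```shell
#!/bin/sh
# Added example, not vendor code. IPv4 only; ip6tables needs its own ruleset.

# Succeeds only for a.b.c.d/nn with octets 0-255 and prefix 0-32.
valid_cidr() {
    addr=${1%/*}; prefix=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" present
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs  # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for tcp/<port> or udp/<port> with port 1-65535.
valid_svc() {
    case "$1" in tcp/*|udp/*) ;; *) return 1 ;; esac
    port=${1#*/}
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print an iptables-restore ruleset on stdout; only INPUT is restricted.
# $1 = trusted CIDR; remaining args = proto/port services exposed to it.
gen_ruleset() {
    cidr=$1
    valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
    shift
    # Assumed defaults: web GUI/API over HTTP and HTTPS, plus SNMP.
    [ $# -gt 0 ] || set -- tcp/80 tcp/443 udp/161
    for svc in "$@"; do                              # validate before printing
        valid_svc "$svc" || { echo "invalid service: $svc" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Keep loopback and replies to connections the device itself opened.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for svc in "$@"; do
        echo "-A INPUT -s $cidr -p ${svc%/*} --dport ${svc#*/} -j ACCEPT"
    done
    echo 'COMMIT'
}

gen_ruleset 192.0.2.0/24    # constructed documentation range (RFC 5737)
```

Validate the output with `iptables-restore --test` before loading it. Loading it replaces the current filter table, so review the `iptables-save` output first.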