The Ubiquiti EdgeRouter Hardening Guide is over 30 pages of router security commands, advice, and best practices that you can implement in your networks. Use this guide to gain a deeper understanding of Ubiquiti security and implement some security "quick wins" in your organization.

The following tasks are covered in this guide:

• Device baseline port scan (Nmap)
• Physical security check:
  • Add interface descriptions
  • Disable unused interfaces
  • Verify physical device security
• Secure router services:
  • Disable Telnet
  • Secure SSH access
  • Secure GUI access
  • Disable / prune Neighbor Discovery
  • Disable / prune LLDP
  • Secure SNMP monitoring
• Configure the firewall:
  • Configure address groups
  • Filter WAN traffic inbound
  • Filter local traffic outbound
  • Filter management connections
  • Enable Source Validation (BCP #38)
  • Block ICMP redirects
  • Block broadcast ”pings”
• Manage router credentials:
  • Change default user password
  • Create individual credentials
  • Disable / remove default user
• Use best practices:
  • Configure timezone and NTP
  • Set login banners
  • Ship logs to a Syslog server
  • Disable source routing