Here are some tips for securing your Peplink routers using InControl2.
1. At the organisation level, in “Organisation Settings”, enable “Two-factor authentication” and “Authenticated with Password”.
The InControl2 default “Idle timeout” is 240 minutes; you may want to reduce this to 30 or less, depending on your security requirements.
Leave access for Peplink Support available until you have stabilised your system. Peplink have excellent in-house security practices, so you may leave this open long term if you choose.
2. Next, navigate into the group settings (you’ll need to do this for each group of devices). Choose your required timezone and then enable “Devices follow this time zone setting”. Many security systems rely on having the correct timezone, and logs are easier to analyse if the timezone is the same across your systems.
3. Continue down and enable “Device Web Admin Authentication”; the menu will expand. For “Admin Password” select “Assign a random password for each device” and tick the box “Reassign a new one”.
4. For “Read-only User Password” select “Disable” and tick the box “Re-disable on all devices”.
5. For “Web Admin Access from WAN”, choose “Disable” from the drop-down menu. This is especially important if you are going to be running a web server behind your Peplink router that uses port 80 or port 443.
And remember to press “Save Changes”.
6. The next thing is to assign user permissions. Give access at the organisation level as “Organisation Administrator” only to people who are trained and knowledgeable as network administrators. Restrict everyone else to “Organisation Viewer” only (if needed at organisation level), or put them into the group(s) they are entitled to access (thus restricting them from seeing other groups) with only “Group Viewer” access.