
Product Security Guidelines

  1. Strategy of defense in depth
    • This document aims to raise your awareness of security aspects in D-Link Products.
    • The first priority in automation is to keep the production and the process under control. This priority must not be compromised by measures intended to prevent a security threat from propagating.
    • This document describes possible critical points and how to minimize them selectively.
    • The description will enable you to take appropriate measures to increase security.
  2. Security hardening:
    Password suggestions:

    • Change the default password at the time of first log-in. The minimum requirement is an 8-digit-long password that combines characters and numbers.
    • Strengthen your password, which should (1) be different from your login ID, (2) be longer than the default digit length, (3) contain uppercase and lowercase letters and numbers, and (4) contain symbols, if allowed.
    • Change the password regularly.

    Disable unused service:

    • Any unnecessary service must be disabled. These unneeded services, especially those that use User Datagram Protocol (UDP), are generally used for legitimate purposes but can be used to launch DoS and other attacks that are otherwise prevented by packet filtering.
    • Configure your network settings manually, DISABLE the unnecessary service(s), or follow the security default settings.

    Secured deployment:

    • Deploy a firewall to help protect your network from malicious attacks.
    • Follow the default firewall settings.
    • Regularly check for and download any firmware updates for security patches. Only use trusted applications. Do NOT use any application or executable file that is not from the D-Link Systems website when configuring or managing your device.
  3. Security disposal
    • Please call support or contact a local agency for recycling of D-Link products.
    • Please ensure removal of any stored media (memory card, USB, others) and perform a factory reset before you recycle or dispose of your D-Link product.
  4. Security Operations:
    In general, the user is the Administrator by default for D-Link Products, so the user needs to ensure that all hardening features are used and to consider the possible risks. Administrators are recommended to evaluate each option for its potential risk before implementing it. Some common vulnerabilities could put your device or data at risk:

    Password suggestions:

    • Lack of password complexity significantly reduces the search space a hacker must cover when trying to guess users' passwords, making brute-force attacks easier.
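
    The password rules from section 2 and the search-space point above, as an added example (not D-Link code): a Python checker that reports which rules a candidate password fails and estimates its brute-force search space. The function names, the case-insensitive login-ID comparison and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

MIN_LENGTH = 8  # minimum length stated in the guideline


def check_password(password, login_id, symbols_allowed=True):
    """Return the guideline rules the password fails (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    # Assumption: compare case-insensitively so "Admin"/"admin" also counts.
    if password.lower() == login_id.lower():
        failures.append("same as login ID")
    if not any(c in string.ascii_lowercase for c in password):
        failures.append("no lowercase letter")
    if not any(c in string.ascii_uppercase for c in password):
        failures.append("no uppercase letter")
    if not any(c in string.digits for c in password):
        failures.append("no number")
    # Symbols are only required when the device accepts them ("if allowed").
    if symbols_allowed and not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures


def search_space_bits(password):
    """Estimate brute-force search space in bits from the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    # Alphabet size = sum of every character class that appears in the password.
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # Constructed sample inputs: (password, login ID)
    samples = [("12345678", "admin"), ("admin", "admin"), ("Rt7#kLm2q", "admin")]
    for pw, login in samples:
        problems = check_password(pw, login) or ["meets all rules"]
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits; " + ", ".join(problems))
```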

    Disable unused service:

    • Unauthorized entities may intercept communications between the management interface and devices to monitor, gain access to, disclose, or alter remote management commands. Unauthorized entities may intercept unprotected wireless communications between the mobile device and the Enterprise to monitor, gain access to, disclose, or alter data.
    • An attacker may masquerade as the Server and attempt to compromise the integrity of the mobile device by sending malicious management commands.

    Network security:

    • The device relies on network connectivity to carry out its management activities. The device will robustly handle instances when connectivity is unavailable or unreliable.

    Only use trusted applications:

    • Malicious or flawed application threats exist because apps loaded onto a device may include malicious or exploitable code. An administrator or user may inadvertently import malicious code, or an attacker may insert malicious code into the device, resulting in the compromise of device or relevant data.
  5. Account Management
    • Administrator: personnel who are not careless, willfully negligent, or hostile are assigned and authorized as the device Administrators, and act as such using and abiding by the guidance documentation.
    • General users: personnel who are not willfully negligent or hostile and who use the device in compliance with reasonable limitations regarding security management.