Things To Do Immediately After Getting Your TMNet UNIFI (HSBB)

Little Introduction:

In March 2010, Telekom Malaysia Berhad (TM) launched its High Speed Broadband (HSBB) service, called ‘UniFi’. TM’s UniFi high speed broadband packages comprise high speed Internet, video (IPTV), and phone services, with speeds of 5 Mbps, 10 Mbps and 20 Mbps.

Upon sign up, the customer will receive 4 pieces of equipment:

  • Fiber Broadband Termination Unit (BTU), i.e. the unit the fiber optic cable connects into.
  • WiFi router (D-Link, D-615 with custom firmware), which is plugged into the fiber BTU.
  • Set-Top box for IPTV and VoD, which will plug into the WiFi router.
  • DECT phone plugged into the Fiber BTU.

I’m not going to rant about UniFi or TMNet’s services, nor the speed, nor the much-debated bandwidth cap that TM said they’re going to impose.

I’m going to talk about the security (or the lack thereof) of the default WiFi router setup.

Once the customer has signed up for UniFi services, TM’s technicians will do all the equipment installation at your premises/home for you. Nice, BUT the default WiFi router setup done by the technicians has very weak security:

  • The router is not configured to drop ICMP packets, so an attacker can ping these unprotected routers, which tells him the router is alive and connected to the internet.
  • The firewall is disabled.
  • The router has remote access enabled. Making it worse, it has no authorised IP filter (the default config is 0.0.0.0, meaning anybody, anywhere, can log in to your router's web interface). The web interface port number is also left at its default.
  • And the BIGGEST, BADDEST flaw: the router’s Administrator password is still the default one!!

With the default configuration above, even a child with a web browser sitting miles away could get into your router!! I’ve done this personally, where I can easily scan a range of UniFi’s IP addresses, and log on to their routers.

I understand if the above setup is meant to ease TM’s effort to do troubleshooting/support remotely for their customers. However, the least they can do is change the default administrator password on the WiFi routers! Change the password to something unique for each customer. They can still keep records of each user’s router password if they need to do troubleshooting/support remotely.

Not all of TM’s customers are technically savvy enough to secure their own home network. So, the purpose of this article is to share a guide to some basic protection for your home network.

Secure your home network:

Log in to your router’s web interface: open a web browser and go to http://192.168.0.1 . You will be prompted for the admin username and password. See your D-Link router manual for more info.

1. Change your Router’s Administrator password.

  • Go to the ‘Maintenance’ tab, under the ‘Admin Password’ section. Change your password there.

2. Rename your Wireless Network Name/ SSID.
The default SSID contains the customer’s name, e.g.: myfirstname@unifi. This could lead to privacy issues, as outsiders know who is using which ISP’s services (UniFi, Streamyx, etc).

  • Go to ‘Setup’ tab, click ‘Wireless Setup’ menu on the left.
  • Under ‘Multiple Wireless Network Name (SSIDS)’ section, click ‘Multiple Wireless Network Name Setup’ button.
  • You will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.

3. Disable Remote Access to your router.

  • Go to ‘Maintenance’ tab, under ‘Remote Management’ section. Un-check ‘Enable Remote Management:’ check box.

4. Enable Firewall

  • Go to ‘Advanced’ tab, click ‘Firewall & DMZ’ menu on the left.
  • Under the ‘Outside Firewall Setting’ section, check the ‘Enable WAN to LAN Firewall :’ check box.
  • Then, check all the check boxes in the rows of ‘DOS ATTACK’, ‘POST SCAN ATTACK’ and ‘SERVICE FILTER’.
  • To find out what all these settings do, feel free to Google each of the check box descriptions.
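
One way to confirm that Steps 3 and 4 took effect, as an added example that is not part of the original article: run it from a connection outside your home network (for instance a phone hotspot) against your own public IP address. Ports 80 and 8080 are assumptions, since the article does not state the router's remote-management port; pass the one shown on your router's ‘Remote Management’ page.

```python
import socket
import sys

# Assumed candidate ports; the article does not give the router's
# remote-management port, so pass your own on the command line.
DEFAULT_PORTS = (80, 8080)

def port_state(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable host, etc.
        return "filtered"

def answers_http(host, port, timeout=3.0):
    """Send a bare HEAD request; True if something replies with HTTP."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
            return s.recv(16).startswith(b"HTTP/")
    except OSError:
        return False

def audit(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Map each port to its state; 'open+http' means a web UI is answering."""
    result = {}
    for port in ports:
        state = port_state(host, port, timeout)
        if state == "open" and answers_http(host, port, timeout):
            state = "open+http"
        result[port] = state
    return result

def exposed(result):
    """True if any audited port still accepts connections from outside."""
    return any(state.startswith("open") for state in result.values())

if __name__ == "__main__":
    # Usage: python check_remote_mgmt.py <your public IP> [port ...]
    ports = tuple(int(p) for p in sys.argv[2:]) or DEFAULT_PORTS
    report = audit(sys.argv[1], ports)
    for port, state in report.items():
        print(f"{sys.argv[1]}:{port} {state}")
    sys.exit(1 if exposed(report) else 0)
```

A result of `closed` or `filtered` on every port means the web interface is no longer reachable from outside; `open+http` means remote management is still exposed.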

A few suggestions to TM: I strongly recommend that the technicians doing UniFi installations raise the level of customers’ home network security. The very least they can do is change the WiFi router’s default administrator password upon installation, and keep a record of that password in case they need to do troubleshooting/support remotely.

Be safe.


87 Comments

  1. Anonymous NMAP

    Hi to Domain owner,
    Thanks for your effort to share those little security thingies. Nowadays, security has become very bad for internet users. It doesn’t matter if you enable ICMP or NAT or a personal firewall.. If someone wishes to hack, they will get into your system. I don’t want to describe how to attack. But be cautious about your connection log by performing netstat in your CMD. If you feel suspicious about the TCP log, please kill the IP and close the port. There are lots of proggies that can sniff into your wireless threshold. Encryption passwords of 64 bits/128 bits are crackable even if you’re using WEP, WPA, WPA2.

    p/s: Wish to add your TCP/IP port for faster connection? Patch your system with TCP IP SP2 Patcher. But make sure you are familiar with your port.

    p/s : Using XP is better than other OS version. Say sucks to Vista & 7.

    Anonymous Security
    Woot for Root

  2. Anonymous NMAP

    Hi Yasser,
    1. Who makes the firmware?
    My answer is the D-Link manufacturer.

    2. Who controls the firmware?
    My answer is your ISP. They need to control their SNR signal power flow to match the D-Link firmware.

    3. Why did they make custom firmware?
    They need to ensure the DSLAM sync rate and your DSL dB ratio are within TM’s range.

    4. Can’t set up USB on your D-Link router and share with your other devices?
    Explore more and there’s a way. Stop instigate others.

    Thank you.

    Anonymous Security
    Woot for Root

  3. Hi Anonymous Nmap,

    1. Thanks for clarifying some points for me. In addition, you seem to be an IT expert and I don’t have all the advanced IT information that you have. I am a normal Internet user who knows basic things and would like to learn. :)

    2. Regarding the USB port on the TM D-Link router, I personally called the UniFi Center and asked them about that, and they told me the USB doesn’t work. :)

    3. I think it is your duty as an IT expert to leave a simple and good comment so that others and normal people like me can understand you well, without all those complicated shortcuts in your reply. :)

    4. This is a blog where people have a free space to discuss certain subjects following certain rules, such as respecting each other without using any bad words, to share their experiences and opinions with each other for FREE.

    5. It is your right to write your opinion and discuss, BUT it is completely unacceptable when you said about me in your reply “Stop instigate others”, which I can consider Libel Case and Make you in legal Trouble !
    So could you please, next time, pay attention to your words carefully before you write.

    6. In conclusion, could you please, Mr. “Anonymous Security”, read the whole subject and the comments on the blog before you decide to leave any comments and participate, to know that before I left my comments people were complaining and giving their opinions. As a result, please do not rush to write anything about others.

    Regards,

  4. Anonymous NMAP

    Hi Yasser,
    Thank you for your comment. Hot & Spicy. haha
    You’re talking about this, about that, about the TM router.. I use their RG, router without any problem. So?

    “Libel Case and Make you in legal Trouble ! ” Quote from you. << My leg, hand, body, neurons are all shaking.. so scared !!! LOL

    " In my opinion the router that TM created is very bad " Quote from your reply at May 27, 2011 << Can I drag you into legal trouble? Summon?

    " This is another indicator to make this Router from TM not good " Quote from your reply at May 31, 2011 << Can I drag you into legal trouble? Summon?

    " How can i install and use the Shareport technology which located at the front of the router? I don’t know some people say it’s not usable !!!!!! Is it real? ! Because I want to try it for my Printer " Quote from your reply at May 27, 2011 << Humans are born without knowledge. Search for it and practise.

    I see you are stressed and under pressure. Go to a clinic and get your stress pill. Relieve your stress and start searching about IT.

    Anonymous Security
    Woot for Root

  5. Hi Anonymous Nmap,

    LoOoOoOoOoL You know you are very funny. It’s OK. What’s your opinion on going to the clinic together? It’s a good idea. Ask me why? :)

    From my side, I will get a stress pill to relieve my stress and start searching about IT, because you know stress pills are very useful for my case, as you said.

    From your side, I think you have the disease of vanity, a very annoying disease. You know why? Because this disease makes you act on and believe what you say about yourself, Mr. “Anonymous Security”. LoOoOoL I think you like to play this role on others. I am not a psychiatrist but let us go together and see.

    Please, darling, let us go together and get treatment for all those mental disorders. You know I am very sad about you. Really, the mental disorders that you have are not easy; it will take a long time to recover.

    Bye bye, darling…. Don’t forget our appointment at the psychiatric clinic. I made a reservation for both of us :)

  6. FreshCam man

    Zam, any idea how to set up an IP camera with the UniFi router?

  7. I have no idea, but it shouldn’t be any different from any other webcam.

  8. Anonymous NMAP

    Hi Freshcam Man,
    You can link an IP camera through your UniFi router.
    For example, your IP camera’s IP is 192.168.3.1.
    Your public IP is http://11.22.33.44

    Go to 192.168.0.1 (default gateway).
    Go to Advanced > Advanced port forwarding rules.
    Type in 192.168.3.1 as the private IP.
    Create your own public IP, for example http://11.22.33.44, for your view.
    Choose HTTP for your application and name your port forwarding rule 1 as IP Camera.
    Choose your port. You may refer to the guide book for your IP camera. Set up your IP camera software with the assigned IP 192.168.3.1 and assign port 80.
    Apply these settings in the IP Camera Utilities.
    IP : 192.168.3.1
    subnet : 255.255.255.0
    gateway : please follow unifi router default gateway 192.168.0.1
    Port : 80 / 5050 / 8080 / 3124 / up to you
    enter primary dns : 202.188.0.133 ( unifi consumer dns gateway )
    enter secondary dns : 202.188.1.5 ( unifi consumer dns gateway )

    After you’ve done that, save settings and reboot.

    Try to ping your camera IP 192.168.3.1 and check for lost packets. If there are no lost packets, that means you have successfully configured it.

    You can view your camera from anywhere by entering your assigned public IP.

    Check your firewall settings in the router. Do not block packets from outside.
    If you turn on your LAN to WAN firewall, please make sure you assign the IP camera’s IP 192.168.3.1 in the filter rules.
    Leave MAC address empty.
    Enter the assigned port.
    Traffic type: any.
    Action: choose allow.
    Schedule: choose always.

    After you’ve done that, save settings and reboot.

    Good luck trying.

  9. Kimberly SQY

    I’ve only one question.

    Where do you get the username & password to access the router interface? I know you mentioned checking the manual but I couldn’t find one, and I did call the tech that did the installation.. he wouldn’t give it to me.

    Help? “/ Thanks.

  10. NMAP Anonymous

    Hi Kimberly SQY,
    You may use the username “admin” without quotes and leave the password blank. Then go to the advanced tab to change your password.
    If you have forgotten your router gateway password, you may press & hold the reset button located behind the router. Press for 10 seconds and everything will be back to factory settings.

    Default username is admin. Default password is blank.

  11. Please tutor me on how to change my e-mail password.

  12. low eu gene

    Is UniFi open on Sunday? Because I want to call them.

  13. keep me posted.

  14. Do you have the latest router security setup guide and DNS configuration for the RG TMRND router? New installations no longer use the D-Link router.

    Thanks

  15. Same as you, Jerry, got UniFi installed today with the new RG TMRND Gen.1.0.
    They’re not using D-Link anymore, as I suppose most of the early subscribers did…

  16. Just discovered that the new RG TMRND routers which replace the D-Link don’t even allow a change of the default password (none).

    Called TM and they can’t explain why, even though they should know of the risks involved.

  17. Have you guys tried operator/h566UniFi

  18. thanks that worked

  19. Just had unifi installed in my house yesterday. Tried calling TM technical but they were busy, so I did a google search on the internet,”How to change my unifi password” and found your article. Great and easy to understand instructions, many thanks, Nazham! By the way what is my email address? Is it the one that says …….@unifi on TM’s Service acceptance form? If I had changed this as advised by you in Step 2, does that mean, my email address has also changed to the new one? What is my email password? I don’t recall being advised of the password by TM service staff. Nazham, my apologies if I sound dumb with the questions that I have posted up here, just trying to find my way around this unifi world securely and safely. Rgds ML.

  20. Mike,
    Your email address would be @unifi.my. Refer to your confirmation slip. Step 2 just for changing your wifi name, nothing to do with your email address.
    Email password also would be in your confirmation slip, given to you (to your email) when you register.

  21. Hey, does anyone know how to port forward on the UniFi router so that other people can join my Call of Duty 4 server? I have done everything but couldn’t get it working. Thanking you in advance. :D

  22. Hi Nazham,

    Thank you very much for sharing this; it’s very useful for me indeed. When I asked the TM technician whether I can change my UniFi user ID, he said I can’t. But I’m sure there is a way and you have proved it.. Thanks again, bro… Have a great day ahead.. Could you give me your email ID? I hope to learn more from you. Cheers..

  23. Dear Nazham

    I just purchased a wireless transmitter. After the installation, I found out that my iPad and iPhone could not detect the UniFi frequency. Other computers/notebooks are doing fine. Can you assist me?

  24. I have successfully made changes to the settings as per your steps 1-3.
    However, when I tried to apply “Save Settings” on step 4, the system would not allow me, with a message “Settings have not changed”.

    Now I’m terrified….

    Your assistance is much appreciated. Thanks ~ Adela

  25. Malbatt

    Hi,

    I need to have a better control of my Unifi router. I wish to block IM applications as the other tenants in my house seem to abuse my broadband connection.

  26. You can block it via port number.

  27. Unifi router DIR 615.
    Any idea how to successfully open a port? I’ve done all the necessary changes but the port still isn’t opened. so frustrating.

  28. Have you tried “Advanced” -> “Port Forwarding” ?

  29. sudo balisuam

    Hi,

    Before I sign, is there anything I need to look at/verify after the installation has been done by TM UniFi? Next week they are going to install at my premises.
