Little Introduction:
On March 2010, Telekom Malaysia Berhad (TM) launched its High Speed Broadband (HSBB) service, called ‘UniFi‘. TM’s UniFi high speed broadband packages comprises services of high speed Internet, video (IPTV), and phone, with speeds of 5 Mbps, 10Mbps and 20Mbps.
Upon sign up, the customer will receive 4 pieces of equipment:
- Fiber Broadband Termination Unit (BTU), ie. where you connect the fiber optic cable into.
- WiFi router (D-Link, D-615 with custom firmware), which is plugged into the fiber BTU.
- Set-Top box for IPTV and VoD, which will plug into the WiFi router.
- DECT phone plugged into the Fiber BTU.
I’m not going to rant about the UniFi or TMNet’s services, nor speed, nor the much debated bandwith cap that TM said they’re going to impose.
I’m going to talk about the security (or the lack thereof) of the default WiFi router setup.
Once the customer signed-up for UniFi services, the TM’s technician will do all the equipment installations in your premises/homes for you. Nice, BUT, the default WiFi router setup done by the technicians has very low security features:
- The router is not configured to drop ICMP packet, making an attacker able to ping those unprotected routers, telling him it’s alive and connected to the internet.
- The firewall is disabled.
- The router has remote access enabled. Making it worse, it has no authorised IP filter (has default config of 0.0.0.0, meaning anybody, anywhere, can log in to your router web interface). The web interface port number are also set to default.
- And the BIGGEST, BADDEST flaw: The router’s Administrator password is still the default ones!!
With the default configurations as above, even a child with a web browser sitting miles away could go into your routers!! I’ve done this personally, where I can easily scan a range of UniFi’s IP addresses, and log on to their routers.
I understood if the above setup is to ease TM’s effort to do some troubleshooting/support remotely for their customers. However, The least they can do is change the default administrators password for the WiFi routers! Change the password to something unique for each customer. They still can keep records of the users router’s password if they need to do troubleshooting/support purposes remotely.
Not all TM’s customers are technically savvy to secure their own home networking. So, the purpose of this article is to share/educate/guide some basic protection for your home network.
Secure your home network:
Login in to your router’s web interface. Open a web browser, go to http://192.168.0.1 . You will be prompt for admin username and password. Open your D-Link Router manual for more info.
1. Change your Router’s Administrator password.
- Go to ‘Maintenance’ tab, under ‘Admin Password’ section. Rename your password there.
2. Rename your Wireless Network Name/ SSID.
The default SSID has the customer’s name, i.e.: myfirstname@unifi. This possible could leads to privacy issues, as outsiders knows who’s using what ISP services (UniFi, Streamyx, etc).
- Go to ‘Setup’ tab, click ‘Wireless Setup’ menu on the left.
- Under ‘Multiple Wireless Network Name (SSIDS)’ section, click ‘Multiple Wireless Network Name Setup’ button.
- You will be taken to a page with ‘Wireless Network Name’ section. Rename your existing Wireless Network Name/SSID there.
3. Disable Remote Access to your router.
- Go to ‘Maintenance’ tab, under ‘Remote Management’ section. Un-check ‘Enable Remote Management:’ check box.
4. Enable Firewall
- Go to ‘Advanced’ tab, click ‘Firewall & DMZ’ menu on the left.
- Under ‘Outside Firewall Setting’ section, checked the ‘Enable WAN to LAN Firewall :’ check box.
- Then, checked all the check box inside the rows of ‘DOS ATTACK’, ‘POST SCAN ATTACK’ and ‘SERVICE FILTER’.
- To find out what all these settings do, feel free to Google each of the check box descriptions.
Few suggestions to TM, I strongly recommends that the technicians doing the UniFi’s installation, increase some level of customers home networking security. The very basic they can do is to change the WiFi routers default administrator’s password upon installation, and keep that password if they need to do troubleshooting/support purposes remotely.
Be safe.
Home Automation & Networking – A complete guide on how to Automate & Network your Home, ranging from a simple installation to a total integrated Home control system.
Great info! Thanks for sharing your experiences.
Hey guys, one question. Unify comes with 1 DECT phone. If I want another phone upstair, I can buy one and lay cable all the way up.
Is there any DECT phone out there that I can buy, but can connect wirelessly without the need to cable all the way up? My previous Panasonic with twin set did that when I was using Streamyx.
Hi User,
Do you know that no matter how many times we change/rename our info under the “Rename your Wireless Network Name/ SSID”, it will change back to the one that has been set up by unifi admin. It seems pointless to change the info, because sometimes my wireless name is set back to the ID assigned by unifi.
1 question; I am connected to unifi via cable (to my laptop and my sony TV). However, I noticed that my wireless is still accessible (tried to connect my phone and successful). I want to turn off my wireless connection, is it possible? I have changed the wireless password but I am not confident this will help to secure my internet connection.
Thank you in advance.
To disable wireless:
Setup -> Wireless Setup -> Multiple Wireless Network Name Setup
Untick the checkbox next to your wireless name.
Make sure you click the button ‘Save’.
Just installed Unify but after few hours, my Internet down. The WAN lights up yellow as indicated on the router. Phone OK. Any idea what’s going on & how to trouble shoot? Already call TM but no news from technician yet.
hallo~i want Change the password how i can change?
Setup -> wireless setup, for wifi password
Maintenance -> admin password, for router’s
salam….sy nk tnye….ada tak sesiapa tahu cara nak dismantle fibre optic wire dari slot dia kat BTU unifi?…sbb nk move out…thought can terminate mcm biasa…mcm ada laser lock…hope sgt2 ada sesiapa tahu psl ni…thanx
Reply by a reader:
Tak payah dismantled kot. Sebab device/router tu you dah bawak pergi .. dlm router tu aje ada nama & acct tuan punya kan. IP address pun semua sama utk semua.
Rgds,
Nazaruddin Zaharin
i did the changes tp i xbleh bukak iptv, it prompt 2 key in the username n password, i did key in the username & password given by tm earlier in the email tp xbleh jugak.. what shd i do
I had just installed Unifi, now each time i try to connect via wireless to my Apple laptop, it says connection timed out. What can i do to rectify this?
Change the wireless channel from auto to other available channel such as 11. This can be done via admin access to your router. Otherwise, it could be your laptop configuration on its wireless settings.
Hi Bro,
thanks a lot for your info. Very useful. Was wondering, is it possible to use our own personal modem router instead of the TM’s modem & router?
Thanks.
Yes. It’s possible using your own router:
http://unifi.athena.my/custom_routers.php
Bro,
Roger, thanks for your help & prompt response !
Cheers
I installed unifi. I Hv win 7, MacBook,iPad,iPhone at home. My prob is my MacBook connection disconnected every 3 mins.my iPhone n iPad also vr often cannot connect n need to on off my wifi on my ‘i’ gadgets. I hv set my channel from auto to 11 but still same probs. Kindly guide me.
Thank you
can someone just help me ? i cant the step provided is not compatible for my router !! there is no remote management under maintenance tab !!! and no admin password section under maintenance tab !!!
Saya punya wireless unifi dah tak boleh guna. Tapi Kalau saya tambah ssid name lagi 1, blh plak guna. Kawan kata tukar channel WiFi tu. Mcmna nk tukar cnnel? Plz help. Send kat email saya ye. Tqvm
tumpang tanye bro…yang ni semue untuk ape ye?ade xde effect ke nnti kat internet?
Go to ‘Advanced’ tab, click ‘Firewall & DMZ’ menu on the left.
Under ‘Outside Firewall Setting’ section, checked the ‘Enable WAN to LAN Firewall :’ check box.
Then, checked all the check box inside the rows of ‘DOS ATTACK’, ‘POST SCAN ATTACK’ and ‘SERVICE FILTER’.
To find out what all these settings do, feel free to Google each of the check box descriptions.
Ini adalah untuk activate firewall pada router anda. Untuk security.
lepas buat setting ini semua router saya sudah hang, skrg tak boleh pakai internet, kena call 100 org telekom datang setting balik, ok dah.
Does anyone have trouble connecting to a FTP site with filezilla. I get a conflict with the external ip address
I’m using filezilla to connect to ftp site, an there’s no problem. I don’t think Unifi causing it.
Salam,
We just installed a UNIFI last Saturday, and yesterday we connected our CCTV to the UNFI.
Issue: Initially, we cannot access the CCTV using UNIFI via our Iphone, have to switch off Wi-Fi and run on 3G – Iphone Celcom, and seems that the UNIFI performance also slow, so we called UNIFI Helpline.
Then the Agent requested us to change the channel to “13”, and then after one hour, the Iphone cannot detect the Wi_Fi existence, and hence using 3G also cannot access the CCTV.
Have called them but UNIFI says that from their checking Internet is OK, and if their technician come over, and if our fault, we will be charged RM 50.00.
Would appreciate your expertise that may be useful to us.
Wassalam
Very useful info. Thnx
I got the package with Huawei Gateway, model HG556a; I want to access to my modem configuration settings. I logged in with “user” as ID and password, but the interface is only info tables. I need to access full config. scheme. Does anybody knows what is the ID n password??
p.s. I already reset the modem but I don’t know the default ID n pass. I already tried “advanced”, “admin”…
PLZ CMNT
TQ
My UniFi set-top-box is not working. Can this be reparied and if so where ?
If if buy new one from TM it is 400 +50 RM charges which is huge amount. Please advise.
please help. I want to know why is that when I switched on my Hypptv, my wifi connection is disconnected?