Enable the firewall and disable the unused services and interfaces in the device. To start, disallow traffic and allow only the needed traffic. Use the default policy to drop connections.
- Check that the firewall is enabled.
- For incoming connections, always filter (drop) all unused ports which may include DNS, L2TP-VPN, SNMP and so on.
- Check that the default action is “drop” in firewalls and allow only the needed ports.
- Set unique passwords for each device.
- Keep passwords stored in a safe place, for example, Encrypted password management tool.
- Check that all unused services are disabled.
- If possible, allow IP connections only via VPN.
- Back up the configuration.