Daktronics

How to secure your Sierra Wireless modem for use with your LED display.

Topic

  • How do I secure my Sierra Wireless modem for use with digital displays?
  • How do I disable Telnet to my modem?
  • How do I set my modem so it doesn't respond to pings?
  • How do I disable HTTP access to my modem?
  • How to disable outbound SSH and telnet traffic on a Sierra Wireless modem?

Environment

  • Product Family: Billboards, Message Displays, Transportation
  • Products:
  • Components: Sierra Wireless AirLink modems or gateways with a static IP address assigned
    • Raven XE/XT, LS300, GX400, GX440, GX450, ES450, RV50, MP70
  • Control System:

Steps

NOTE: The steps below are specific to Sierra Wireless modems, but can be generally applied to most other modem providers.  Please work directly with your Internet Service Provider (ISP) or modem provider for detailed instructions.

  1. Verify the modem's firmware is up to date, follow DD3643150.
  2. Change the default password on the modem, follow DD3498229. 
    • (New steps added to DD3498229 for changing the Viewer password on Sept. 11, 2017)
  3. Connect to the modem again and log in.
  4. Disable HTTP access to the modem: Using SSL sets up a secure encrypted connection between your computer and the device, making it much harder for something else to get in there and steal information.
    1. Click on the Services tab.
    2. Select AceManager on the side bar.
    3. Change both OTA Access and Tethered Access to HTTPS Only and click Apply.
  5. Disable Telnet to the modem: Similar to SSL, SSH is a more secure and encrypted connection with the device.  Also, Telnet is one of the primary ways that hackers and others use to brute-force their way into a device, so switching to SSH is a very good idea.
    1. Select Telnet/SSH on the side bar.
    2. Change the OTA Login Server Mode to SSH and click Apply.
  6. Disable ping responses by the modem: Disabling ping responses makes your modem more invisible to hackers and bots.  If they don't know the device is there, they are much less likely to try to attack it.
    1. Select the WAN/Cellular tab.
    2. Expand the Advanced heading.
    3. Change the Response to Incoming Ping to:
      • Galaxy Displays =  No Response.
      • Billboard Displays = Pass to Host.
    4. Click Apply
  7. Disable outbound SSH and telnet traffic.  Some viruses and malware will attempt to reach out to a "command center" for further instructions, blocking these ports will help block that traffic.
  8. Click the Reboot button to reboot the modem and implement all the changes.

KB ID: DD3642163

DISCLAIMER: Use of this content may void the equipment warranty, please read the disclaimer prior to performing any service of the equipment.

DAKTRONICS DOES NOT PROMISE THAT THE CONTENT PROVIDED HEREIN IS ERROR-FREE OR THAT ANY DEFECTS WILL BE CORRECTED, OR THAT YOUR USE OF THE CONTENT WILL PROVIDE SPECIFIC RESULTS. THE CONTENT IS DELIVERED ON AN "AS-IS" AND "AS-AVAILABLE" BASIS. ALL INFORMATION PROVIDED IN THIS ARTICLE IS SUBJECT TO CHANGE WITHOUT NOTICE. DAKTRONICS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. DAKTRONICS DISCLAIMS ANY AND ALL LIABILITY FOR THE ACTS, OMISSIONS AND CONDUCT OF YOU OR ANY THIRD PARTIES IN CONNECTION WITH OR RELATED TO YOUR USE OF THE CONTENT. ADJUSTMENT, REPAIR, OR SERVICE OF THE EQUIPMENT BY ANYONE OTHER THAN DAKTRONICS OR ITS AUTHORIZED REPAIR AGENTS MAY VOID THE EQUIPMENT WARRANTY. YOU ASSUME TOTAL RESPONSIBILITY FOR YOUR USE OF THE CONTENT AND ANY LINKED CONTENT. YOUR SOLE REMEDY AGAINST DAKTRONICS FOR DISSATISFACTION WITH THE CONTENT IS TO STOP USING THE CONTENT. THIS LIMITATION OF RELIEF IS A PART OF THE BARGAIN BETWEEN THE PARTIES.

The above disclaimer applies to any property damage, equipment failure, liability, infringement, or personal injury claim arising out of or in any way related to your use or application of the content, whether such claim is for breach of contract, tort, negligence or any other cause of action.