Security Best Practices

gjohnson5 · July 3, 2025, 6:34pm

Hi Alta Labs
I’m now to route10. I’m mainly using it for IDS/IPS and packet filtering solutions.
Aside from updating the firmware on a route 10 , what are some setting I should change immediately to make sure I’ve get the best configuration for network security on a route 10?
Is there a document I should read?

jmszuch · July 3, 2025, 8:38pm

I suppose it depends on what you’re looking to secure. I think the defaults on the Route10 are pretty sensible. They wouldn’t be very good defaults if they needed to be changed right away!

The firewall allows traffic out and not in unless asked for (more information on those here https://help.alta.inc/hc/en-us/articles/33797049104795-Creating-Firewall-Rules). The only access to the Route10 is through the controller by default. A couple things I could think of to secure the network as a whole would be to

Enable Multi Factor Authentication on your cloud controller account: https://help.alta.inc/hc/en-us/articles/26752960092187-How-To-Enable-Multi-Factor-Authentication
You could consider using DNS filtering services such as https://quad9.net/ or Free DNS Servers - Anonymize Your Internet to keep devices from reaching know malicious websites (just to help augment the IDS/IPS rules)
Consider using VLANs to segment your network and prevent data from traveling laterally around your network unless they need to. So for instance, have your network equipment on a vlan, your personal devices on a vlan, printers on a vlan, wireless devices on a vlan, IoT devices on a vlan, etc. Although you don’t have to do it that exact way!

gjohnson5 · July 3, 2025, 9:10pm

Yes , the MFA is a good one. I did turn on OTP so the codes are generated on yubikey instead of a cloud account Having said that, I thinking about the controller from the same reason. I did find the cloud setup to be easy despite the chit chatter on reddit. Once I downloaded the IOS app , things went pretty smoothly for me. Things seem to be working smoothly now. Thanks alot for your help

jmszuch · July 3, 2025, 9:22pm

No problem!

Yeah, I think the setup through the app and cloud controller is generally pretty slick and haven’t bumped into any issues myself (not to say it’s impossible some people have had issues, of course).