×

UniFi Video will reach end-of-support on December 31st, 2020.

For more information, please refer to the official community notice.

airMAX - Securing airOS Best Practices

Overview

This article discusses a few suggested best practices for a secure airOS. The best practices discussed are just the minimum suggested, any extra precautions are encouraged.

Table of Contents

  1. Keep Firmware Up to Date
  2. Restrict Access
  3. Select the Correct Password
  4. Identify Infected Devices
  5. Related Articles

Keep Firmware Up to Date

Back to Top

One of the most important steps will be to keep your airOS firmware up to date. Using out of date firmware poses a significant risk as they will not include patches for identified security holes. If you would like to receive automatic notifications of new airOS firmware releases and security notices, please subscribe to the airMAX Updates Blog by clicking on Blog Options > Subscribe on the upper left hand side.

NOTE:airOS devices that can reach the Internet and have valid DNS servers will show that an update is available in the Web UI, provided this feature has not been disabled.

Restrict Access

Back to Top

Restricting access is especially important for devices with public IP addresses. Restrict access to management interfaces such as SSH/HTTP/HTTPS via firewall or by disabling “Remote Management” on the Network tab.

Another option would be to use the built-in firewall to restrict access to management interfaces. This example shows an airOS devices in Router mode w/ WLAN port as WAN (Internet-facing).  

Radio IP = 192.168.1.67 (This should be a public IP address)

Whitelisted/allowed IP = 1.1.1.1

airMAX M

airMAX AC - Router mode

As of v8.5.8+ firmware, airMAX AC devices in router mode can now add use an IP/Mask Access Control List (under WAN -> ACL) to whitelist remote IPs to allow remote access when Block Management Access is enabled.

 

airMAX AC - Bridge mode

Select the Correct Password

Back to Top

Use 8+ character non-dictionary administrator passwords. For additional complexity, change the username to something other than ubnt. Do so in the System tab.

Identify Infected Devices

Back to Top

Symptoms of an infected device may include:

  • An inaccessible or corrupted web interface
  • Increased traffic
  • Management ports changed or disabled
  • Custom scripts Detected warning message on Main airOS tab (see below)

If you are unsure if a device has been compromised, please contact our support team. If you would like to report a vulnerability you have discovered, please see Security Rewards information.

Related Articles

Back to Top

UBNT Guide to Basic Security

Was this article helpful?
14 out of 18 found this helpful

Submit an RMA request

Visit the Ubiquiti RMA portal to submit a warranty claim for your Ubiquiti device.

Visit the RMA portal >

Plan your UniFi Deployment

Use the Design Center to design your UniFi Network using the most suitable products.

Try the UniFi Design Center >

Talk to other Ubiquiti users

Visit our worldwide community of Ubiquiti experts for more answers and solutions.

Ask the Ubiquiti Community >