S 4.82 Secure configuration of active network components

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

In addition to the security of server systems and terminal devices, that of the actual network infrastructure together with its active network components is often neglected. Particularly central, active network components need to be configured in a careful fashion. Whereas a faulty configuration of a server system only affects persons making use of the services offered by this system, a faulty configuration of a router can lead to a failure of large subnetworks, if not the entire network, and cause data to be corrupted unnoticed.

A secure configuration of active network components must also be defined as part of the network concept (refer to S 2.141 Development of a network concept). Particular attention must be paid to the following items here:

• For routers and layer-3 switching, a decision is required as to which protocols should be forwarded and which should be barred. This can be achieved through the use of suitable filters.

• A specification is required as to which IT systems are to communicate in which direction via the routers. This can also be achieved through the implementation of filter rules.

• Insofar as it is supported by the active network components, a specification is also required as to which IT systems are to have access to the ports of the switches and hubs of the local network. For this, the MAC address of the calling IT system is evaluated to determine whether the system has been granted access authorisation.

For active network components with a routing functionality, appropriate protection of the routing updates is also necessary. These are required for updating the routing tables in order to allow dynamic adaptation to the current status of the local network. A distinction can be made here between two security mechanisms:

• Passwords

The use of passwords prevents configured routers from accepting routing updates from routers which are not in possession of the corresponding password. This protects routers against an acceptance of incorrect or invalid routing updates. The advantage of passwords in comparison with other protective mechanisms is their low overhead, which only needs a narrow bandwidth and short computing times.

• Cryptographic checksums

Checksums provide protection against concealed modifications to valid routing updates as they pass through the network. Together with a sequence number or a unique identifier, a checksum can also provide protection against the reloading of old updates.

A suitable routing protocol must be selected to achieve a sufficient degree of protection for routing updates. RIP-2 (Routing Information Protocol Version 2, RFC 1723) and OSPF (Open Shortest Path First, RFC 1583) support passwords in their basic specification, and can also be extended to make use of cryptographic checksums in accordance with the MD5 (Message Digest 5) algorithm.

Additional controls:

• Has a secure configuration of active network components been included in the network concept?

• Has a suitable routing protocol been employed?

• How are routing updates protected?