Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
4.5. Audit and Management
4.5.1. Concepts and Mechanisms
Routers are a critical part of network operations and network security. Careful
management and diligent audit of router operations can reduce network downtime,
improve security, and aid in the analysis of suspected security breaches. Cisco
routers and Cisco IOS are designed to support centralized audit and management.
This section describes the logging, management, monitoring, and update facilities
offered in Cisco IOS 11.3 and 12.0.
§ Logging
Cisco routers support both on-board and remote logs.
§ Time
Accurate time is important for good audit and management; Cisco routers
fully support the standard time synchronization protocol, NTP.
§ Network Management
The standard protocol for distributed management of network components
is the Simple Network Management Protocol (SNMP). SNMP must be
disabled or carefully configured for good security.
§ Network Monitoring
Cisco routers support basic facilities for Remote Network Monitoring
(RMON). The RMON features depend on SNMP, and must also be
disabled or carefully configured.
§ Software Maintenance
Keeping up with new major software releases is important, because new
releases include fixes for security vulnerabilities. Installing new Cisco
IOS software in a router is not especially difficult.
§ Debugging and Diagnostics
Troubleshooting router problems requires proficiency with Cisco's
diagnostic commands and debugging features.
The sub-sections below describe recommended configurations for good security.
Complete details on the commands and features discussed may be found in the Cisco
IOS documentation, especially the Cisco IOS Configuration Fundamentals Command
Reference documents for IOS 11.3 and 12.0.
4.5.2. Configuring Logging and Time Services
Logging is a critical part of router security; good logs can help you find configuration
errors, understand past intrusions, troubleshoot service disruptions, and react to
probes and scans of your network. Cisco routers have the ability to log a great deal
of their status; this section explains the different logging facilities, describes the
logging configuration commands, and presents some configuration examples.