UNCLASSIFIED Router Security Principles and Goals Version 1.0g

3. Router Security Principles and Goals

Routers can play a role in securing networks. This section describes general principles for protecting a router itself, protecting a network with a router, and managing a router securely.

3.1. Protecting the Router Itself

3.1.1. Physical Security

There are a number of ways to provide physical security for a router. The room that contains the router should be free of electrostatic or magnetic interference. It should have controls for temperature and humidity. If deemed necessary for availability or criticality reasons, an uninterruptible power supply (UPS) should be installed and spare components and parts kept on hand. To protect against some denial of service attacks, the router should have the maximum amount of memory possible. Also, the router should be placed in a locked room with access by only a small number of authorized personnel. Finally, physical devices (e.g., PC cards, modems) used to connect to the router require storage protection.

3.1.2. Operating System

The operating system for the router is a crucial component. Decide what features the network needs, and use the feature list to select the version of the operating system. However, the very latest version of any operating system tends not to be the most reliable due to its limited exposure in a wide range of network environments. One should use the latest stable release of the operating system that meets the feature requirements. Section 3.3.2 discusses the management of updates to the operating system, and Sections 4 and 8 include information on Cisco's IOS operating system.

3.1.3. Configuration Hardening

A router is similar to many computers in that it has many services enabled by default. Many of these services are unnecessary and may be used by an attacker for information gathering or for exploitation. All unnecessary services should be disabled in the router configuration. Section 3.3.2 discusses the management of updates to the router configuration.
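The check below is an added example, not part of the original guide: it audits a Cisco IOS-style configuration for globally enabled services, including services that run by default and therefore never appear in the configuration unless they are explicitly disabled. The command list and the default-on flags are assumptions for illustration (defaults differ between IOS releases), and the sample configuration is constructed.

```python
# Assumed audit list: (global IOS command, treated as on by default?).
# Defaults vary by IOS release; adjust the flags to match the release in use.
CHECKS = [
    ("service tcp-small-servers", False),
    ("service udp-small-servers", False),
    ("service finger", False),
    ("ip finger", False),
    ("ip http server", False),
    ("ip bootp server", True),
    ("cdp run", True),
    ("service pad", True),
]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
! constructed sample
hostname edge1
service tcp-small-servers
no service pad
no ip bootp server
ip http server
interface Ethernet0
 no cdp enable
"""

def audit(config):
    """Return (command, reason) for each audited service that appears enabled."""
    enabled, negated = set(), set()
    for raw in config.splitlines():
        # Skip blanks, comments, and indented sub-mode lines: an interface-level
        # "no cdp enable" does not turn off the global "cdp run".
        if not raw or raw[0].isspace() or raw.startswith("!"):
            continue
        line = " ".join(raw.split()).lower()
        if line.startswith("no "):
            negated.add(line[3:])
        else:
            enabled.add(line)
    findings = []
    for cmd, default_on in CHECKS:
        if cmd in enabled:
            findings.append((cmd, "explicitly enabled"))
        elif default_on and cmd not in negated:
            findings.append((cmd, "default-on, not disabled"))
    return findings

if __name__ == "__main__":
    for cmd, reason in audit(SAMPLE):
        print(f"{cmd}: {reason}")
```

Each finding still needs a decision about whether the network actually requires that service before it is disabled.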