index_37
UNCLASSIFIED
Router Security Principles and Goals
Version 1.0g
UNCLASSIFIED
37
3.3.2. Updating the Router
Periodically the router will require updates to be loaded for either the operating
system or the configuration file. These updates are necessary for one or more of the
following reasons: to fix known security vulnerabilities, to support new features that
allow more advanced security policies or to improve performance. Before updating
the administrator should complete some checks. Determine the memory
requirements for the update, and if necessary install additional memory to the router.
Set up and test file transfer capability between the administrators computer and the
router. Schedule the required downtime (usually after regular business hours) for the
router to perform the update.
After obtaining an update from the router vendor, the administrator should follow
procedures similar to the following. Shut down or disconnect the interfaces on the
router. Back up the current operating system and the current configuration file to the
administrators computer. Load the update for either the operating system or for the
configuration file. Perform tests to confirm that the update works properly. If the
tests are successful then restore or reconnect the interfaces on the router. If the tests
are not successful then back out the update.
3.3.3. Logging
Logging on a router offers several benefits. It informs the administrator if the router
is working properly or has been compromised. It can also show what types of attacks
are being attempted against the router or the protected network.
Configuring logging on the router should be done carefully. The administrator
should have the router logs sent to a log host, which is a dedicated computer on the
protected or trusted network whose only job is to store logs. Harden the log host by
removing all unnecessary services and accounts. Set the level of loggin g on the
router to one that meets the needs of the security policy, and expect to modify the log
settings as the network evolves. The logging level may need to be modified based on
how much of the log information is useful to the administrator. Two areas that
should be logged are (1) matches to filter rules that deny access, and (2) changes to
the router configuration.
Accurate timestamps are important to logging. All routers are capable of maintaining
their own time-of-day, but this is usually not sufficient. Instead, direct the router to
at least two different reliable time servers to ensure accuracy and availability of time
information. Also, direct the logging host to the reliable time servers. Include a
timestamp in each log message. This will allow the administrator to trace network
attacks more credibly. Finally, consider also sending the logs to a dedicated printer
to deal with worst case scenarios, e.g., failure of the log host.