Router Security Configuration Guide, Version 1.0g (UNCLASSIFIED)

3.4. Security Policy for Routers

Routers are an important part of a network, and their security is a vital part of the overall security for the networks they serve. What does it mean for a router to be secure? One simple way to define the security of a router is this: do the operation, configuration, and management of the router satisfy a good security policy?

3.4.1. A Conceptual Basis for Router Security Policy

Figure 3, below, shows a layered view of the security of a router. The security of each layer depends on the security of the layers inside it.

Figure 3-4: Layered View of Router Security

The innermost zone is the physical security of the router. Any router can be compromised by an attacker with full physical access; therefore, physical access must be limited to provide a solid foundation for the overall security of the router. Most routers offer one or more direct connections, usually called ‘Console’ or ‘Control’ ports; these ports usually provide special mechanisms for controlling the router. Router security policy should define rules for where and how these ports may be used.

The next innermost zone of the diagram is the stored software and configuration state of the router itself. If an attacker can compromise either of these, particularly the stored configuration, then they will also gain control of the outer two layers. Some important aspects of the stored configuration are the interface addresses, the user names and passwords, and the access controls for direct access to the router’s command interface. Security policy usually includes strict rules about access to this layer, in terms of both administrative roles and network mechanisms.

The next outermost zone of the diagram is the dynamic configuration of the router. The route tables themselves are the most obvious part of this.
Other pieces of

[Figure 3-4 labels]

Router Security Layers (outermost to innermost):
• Network Traffic through the Router
• Dynamic Configuration and Status of the Router
• Core Static Configuration of the Router
• Physical Integrity of the Router

Corresponding Access:
• Physical access
• Electrical access
• Administrative access
• Software updates
• Routing protocols
• Access to the network that the router serves
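One way to check the stored-configuration layer described above, as an added example that is not part of the guide: it audits a constructed configuration for the aspects the text names (user names and passwords, and access controls on the command interface). It assumes Cisco IOS syntax, which this page does not specify; `line_stanzas` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample in Cisco IOS syntax (an assumption; the page names no
# vendor). All addresses, names and passwords below are made up.
SAMPLE_CONFIG = """\
enable password letmein
username admin password 0 changeme
username ops secret 5 $1$constructed$placeholderhash
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
line con 0
 exec-timeout 5 0
 login local
line aux 0
 no exec
line vty 0 4
 no login
"""

def line_stanzas(config):
    """Map each 'line ...' header to the sub-commands indented beneath it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def audit(config):
    """Return findings about the stored (static) configuration layer."""
    findings = []
    for raw in config.splitlines():
        if re.match(r"enable password\b", raw):
            findings.append("enable password: clear or reversible, use 'enable secret'")
        user = re.match(r"username (\S+) password\b", raw)
        if user:
            findings.append(f"user {user.group(1)}: password stored clear or reversible")
    for header, cmds in line_stanzas(config).items():
        if "no exec" in cmds:
            continue  # this port cannot open a command session
        if not any(c.startswith("login") for c in cmds):
            findings.append(f"{header}: no login check configured")
        if header.startswith("line vty") and not any(c.startswith("access-class") for c in cmds):
            findings.append(f"{header}: no access-class limiting source hosts")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per weakness in the sample; a configuration that uses `enable secret`, `login local` and an `access-class` on its vty lines returns an empty list.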