index_39
UNCLASSIFIED
Router Security Principles and Goals
Version 1.0g
UNCLASSIFIED
39
dynamic information, such as interface status, ARP tables, and audit logs, are also
very important. If an attacker can compromise the dynamic configuration of a
router, they can compromise the outermost layer as well. Security policy for a router
should include rules about access to this layer, although it is sometimes overlooked.
The outer zone of the diagram represents the intra-network and inter-network traffic
that the router manages. The overall network security policy may include rules
about this, identifying permitted protocols and services, access mechanisms, and
administrative roles. The high-level requirements of the network security policy
must be reflected in the configuration of the router, and probably in the router
security policy.
3.4.2. Router Security Policy and Overall Network Security Policy
Typically, the network that a router serves will have a security policy, defining roles,
permissions, rules of conduct, and responsibilities. The policy for a router must fit
into the overall framework. The role s defined in the router security policy will
usually be a subset of those in the network policy. The rules of conduct for
administering the router should clarify the application of the network rules to the
router.
For example, a network security policy might define three roles: administrator,
operator, and user. The router security policy might include only two: administrator
and operator. Each of the roles would be granted privileges in the router policy that
permit them to fulfill their responsibilitie s as outlined in the network policy. The
operator, for example, might be held responsible by the network security policy for
periodic review of the audit logs. The router security policy might grant the operator
login privileges to the router so that they can access the router logs.
In other regards, the router policy will involve far more detail than the network
policy. In some cases, the router enforces network policy, and the router policy must
reflect this.
For example, the network security policy might forbid administration of the router
from anywhere but the local LAN. The router policy might specify the particular
rules to be enforced by the router to prevent remote administration.
3.4.3. Creating a Security Policy for a Router
There are several important tips to remember when creating the security policy for a
router:
§ Specify security objectives, not particular commands or mechanisms
When the policy specifies the security effect to achieve, rather than a
particular command or mechanism, the policy is more portable across
router software versions and between different kinds of routers.