Router Security Configuration Guide, Version 1.0g (UNCLASSIFIED), page 40

- Specify policy for all the zones identified in the figure above – Begin with physical security, and work outwards to security for the static configuration, the dynamic configuration, and for traffic flow.

- Services and protocols that are not explicitly permitted should be denied – When representing the network policy in the router policy, concentrate on services and protocols that have been identified as explicitly needed for network operation; explicitly permit those, and deny everything else.

  In some cases, it may not be practical to identify and list all the services and protocols that the router will explicitly permit. A backbone router that must route traffic to many other networks cannot always enforce highly tailored policies on the traffic flowing through it, due to performance concerns or differences in the security policies of the different networks served. In these kinds of cases, the policy should clearly state any limitations or restrictions that can be enforced. When drafting a policy, keep most of the directives and objectives high-level; avoid specifying the particular mechanisms in the policy.

A security policy must be a living document. Make it part of the security practices of the network to regularly review the network security policy and the router security policy. Update the router policy to reflect changes in the network policy, or whenever the security objectives for the router change. It may be necessary to revise the router security policy whenever there is a major change in the network architecture or organizational structure of network administration. In particular, examine the router security policy and revise it as needed whenever any of the following events occur.

- New connections made between the local network and outside networks
- Major changes to administrative practices, procedures, or staff
- Major changes to the overall network security policy
- Deployment of substantial new capabilities (e.g. a new VPN) or new network components (e.g. a new firewall)
- Detection of an attack or serious compromise

When the router security policy undergoes a revision, notify all individuals authorized to administer the router and all individuals authorized for physical access to it. Maintaining policy awareness is crucial for policy compliance.

3.4.4. Router Security Policy Checklist

The checklist below is designed as an aid for creating router security policy. After drafting a policy, step down the list and check that each item is addressed in your policy.