UNCLASSIFIED

Router Security Principles and Goals
Version 1.0g

Physical Security

- Designates who is authorized to install, de-install, and move the router.
- Designates who is authorized to perform hardware maintenance and to change the physical configuration of the router.
- Designates who is authorized to make physical connections to the router.
- Defines controls on placement and use of console and other direct access port connections.
- Defines recovery procedures for the event of physical damage to the router, or evidence of tampering with the router.

Static Configuration Security

- Designates who is authorized to log in directly to the router via the console or other direct access port connections.
- Designates who is authorized to assume administrative privileges on the router.
- Defines procedures and practices for making changes to the router static configuration (e.g. log book, change recording, review procedures).
- Defines the password policy for user/login passwords, and for administrative or privilege passwords.
- Designates who is authorized to log in to the router remotely.
- Designates protocols, procedures, and networks permitted for logging in to the router remotely.
- Defines the recovery procedures, or identifies individual responsible for recovery, in the case of compromise of the router’s static configuration.
- Defines the audit log policy for the router, including outlining log management practices and procedures.
- Designates procedures and limits on use of automated remote management and monitoring facilities (e.g. SNMP).
- Outlines response procedures or guidelines for detection of an attack against the router.
- Defines the key management policy for long-term cryptographic keys (if any).

Dynamic Configuration Security

- Identifies the dynamic configuration services permitted on the router, and the networks permitted to access those services.