UNCLASSIFIED
Router Security Principles and Goals
Version 1.0g
Physical Security
- Designates who is authorized to install, de-install, and move the router.
- Designates who is authorized to perform hardware maintenance and to change the physical configuration of the router.
- Designates who is authorized to make physical connections to the router.
- Defines controls on placement and use of console and other direct access port connections.
- Defines recovery procedures for the event of physical damage to the router, or evidence of tampering with the router.
Static Configuration Security
- Designates who is authorized to log in directly to the router via the console or other direct access port connections.
- Designates who is authorized to assume administrative privileges on the router.
- Defines procedures and practices for making changes to the router static configuration (e.g. log book, change recording, review procedures).
- Defines the password policy for user/login passwords, and for administrative or privilege passwords.
- Designates who is authorized to log in to the router remotely.
- Designates protocols, procedures, and networks permitted for logging in to the router remotely.
- Defines the recovery procedures, or identifies the individual responsible for recovery, in the case of compromise of the router's static configuration.
- Defines the audit log policy for the router, including outlining log management practices and procedures.
- Designates procedures and limits on use of automated remote management and monitoring facilities (e.g. SNMP).
- Outlines response procedures or guidelines for detection of an attack against the router.
- Defines the key management policy for long-term cryptographic keys (if any).
Dynamic Configuration Security
- Identifies the dynamic configuration services permitted on the router, and the networks permitted to access those services.