UNCLASSIFIED
Implementing Security on Cisco Routers
Version 1.0g
address instead of the IP address to determine the final destination of a packet. For a
detailed description of Proxy ARP, consult RFC 1027.
However, because ARP offers no security, neither does Proxy ARP. The fundamental
security weakness of ARP is that it was not designed to use any form of
authentication. Anyone on a LAN segment can modify an entry in the ARP cache of
a router that serves the segment. Therefore, if a host on the network does not use
default gateways, but instead uses Proxy ARP to handle the routing, it is susceptible
to bad or malicious routes. In any case, Proxy ARP is generally not used anymore,
and it should be disabled. The following example illustrates how to do just that.
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# interface ethernet0/0
Central(config-if)# no ip proxy-arp
Central(config-if)# exit
Central(config)# interface ethernet0/1
Central(config-if)# no ip proxy-arp
Central(config-if)# end
Central#
4.4.3. Routing tables, static routes, and routing protocols
This section describes how to protect routers from some common routing hazards.
Router Neighbor Authentication
The primary purpose of router neighbor authentication is to protect the integrity of a
routing domain. In this case, authentication occurs when two neighboring routers
exchange routing information. Authentication ensures that the receiving router
incorporates into its tables only the route information that the trusted sending router
really intended to send. It prevents a legitimate router from accepting and then
employing unauthorized, malicious, or accidental routing updates that would
compromise the security of a network. Such a compromise might lead to re-routing
of traffic, a denial of service, or simply giving access to certain packets of data to an
unauthorized person.
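As an added illustration of the integrity check this paragraph describes (example code written for this page, not part of the guide), the following Python reproduces the keyed-MD5 scheme that OSPF's message-digest authentication uses (RFC 2328, Appendix D) over a constructed OSPF header, and shows the receiver rejecting an update that was altered in transit, one sent with the wrong key, and a replayed sequence number. The router IDs, key and packet body are constructed sample values.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16        # RFC 2328 Appendix D: the MD5 key is 16 octets (zero-padded)
AU_TYPE_CRYPTO = 2  # AuType 2 = cryptographic (message-digest) authentication


def build_ospf_hello(router_id, key_id, seq, body=b""):
    """Constructed OSPFv2 packet (type 1, Hello) prepared for MD5 authentication:
    checksum is 0 and the 64-bit Authentication field carries two zero bytes,
    the key ID, the digest length and the cryptographic sequence number."""
    header = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body), router_id,
                         b"\x00\x00\x00\x00", 0, AU_TYPE_CRYPTO)
    auth = struct.pack("!HBBI", 0, key_id, KEY_LEN, seq)
    return header + auth + body


def ospf_md5_digest(packet, key):
    """Keyed MD5 as OSPF applies it: MD5(packet || key). Not an HMAC, and
    symmetric: any holder of the shared key can produce a valid digest."""
    padded = key[:KEY_LEN].ljust(KEY_LEN, b"\x00")
    return hashlib.md5(packet + padded).digest()


def sign(packet, key):
    """Sender side: the 16-byte digest is appended after the OSPF packet."""
    return packet + ospf_md5_digest(packet, key)


def verify(wire, key, last_seq):
    """Receiver side: recompute the digest over everything but the trailing
    16 bytes, then require a non-decreasing sequence number (replay defence).
    Returns (True, seq) when accepted, (False, reason) when rejected."""
    packet, digest = wire[:-KEY_LEN], wire[-KEY_LEN:]
    seq = struct.unpack("!I", packet[20:24])[0]   # sequence number at bytes 20..23
    if not hmac.compare_digest(digest, ospf_md5_digest(packet, key)):
        return False, "bad digest"
    if seq < last_seq:
        return False, "replayed sequence number"
    return True, seq


def demo():
    """Accept, tamper, replay and wrong-key cases on constructed data."""
    key = b"area0-secret"                                   # constructed shared key
    wire = sign(build_ospf_hello(b"\x0a\x00\x00\x01", 1, 100, b"\x00" * 20), key)
    forged = wire[:4] + b"\x0a\x00\x00\x09" + wire[8:]     # router ID altered in flight
    return {"genuine": verify(wire, key, last_seq=99),
            "tampered": verify(forged, key, last_seq=99),
            "replayed": verify(wire, key, last_seq=101),
            "wrong_key": verify(wire, b"other-key", last_seq=99)}
```

Because the digest is a shared-key construction rather than a signature, the check tells a router that the sender holds the key, not which router sent the update; key distribution and rotation therefore matter as much as enabling the feature.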
OSPF Authentication
OSPF provides authentication to prevent routing attacks. Each router accomplishes
authentication by means of a shared authentication key: all routers connected to
the same network segment use the same secret key. Each sending router uses this
key to sign each OSPF update message, and the receiving router uses the shared
secret to check the message and determine whether it should be accepted.
OSPF uses two types of neighbor authentication: plaintext and message digest
(MD5). Plaintext authentication uses a shared secret key known to all the routers on