Router Security Configuration Guide, Version 1.0g, UNCLASSIFIED, page 88

the network segment. When a sending router builds an OSPF packet, it signs the packet by placing the key as plaintext in the OSPF header. The receiving router then compares the received key against the key in memory. If the keys match, then the router accepts the packet. Otherwise, the router rejects the packet. This method does not provide much security because the key is in plaintext in the packet. Using this method reveals the secret key to any attacker using a network sniffer on the right LAN segments. Once an attacker captures the key, they can pose as a trusted router.

The second, and more secure method, is message digest authentication. The figure below shows the example network from Figure 4-1 with its routing protocols.

[Figure 4-3: A Simple OSPF Routing Architecture. Labels in the diagram: OSPF Area 0, RIP, Internet, Autonomous System Border Router (ASBR), routers Central, East, North and South, Facility Network 14.1.0.0/16, Second Floor 14.2.9.0/24, and networks 14.2.10.0/24 and 14.2.6.0/24.]

In this example, routers North, East, and Central all share the same secret key, r0utes-4-all, with a Key ID of 1. Each of these routers authenticates to each other using the MD5 message digest authentication method, whose cryptographic authentication type is denoted by a value of 2. Figure 4-4 shows how East authenticates to North. East first builds an OSPF packet, both header and body. It
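The two authentication methods described above, side by side, as an added example that is not part of the guide. The field layout follows RFC 2328 Appendix D; the router ID, packet body and the 8-byte simple password are constructed sample values, and the header checksum is left at zero for brevity.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHH8s"  # ver, type, length, router id, area id, checksum, AuType, auth

def header(length, router_id, autype, auth_field):
    # Version 2, type 1 (Hello), area 0.0.0.0. Checksum is left 0 in this sketch.
    return struct.pack(HDR, 2, 1, length, router_id, bytes(4), 0, autype, auth_field)

def build_simple(body, router_id, password):
    """AuType 1: the key itself travels in the 8-byte Authentication field."""
    if len(password) > 8:
        raise ValueError("simple password is at most 8 bytes")
    return header(24 + len(body), router_id, 1, password.ljust(8, b"\0")) + body

def build_md5(body, router_id, key, key_id, seq):
    """AuType 2: header carries Key ID and sequence number; the digest is appended."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header(24 + len(body), router_id, 2, auth) + body
    return packet + hashlib.md5(packet + key.ljust(16, b"\0")).digest()

def verify_md5(packet, keys, last_seq):
    """Receiver: pick the key by Key ID, recompute the digest, drop stale sequence numbers."""
    if len(packet) < 40:
        return False
    length, = struct.unpack("!H", packet[2:4])
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    key = keys.get(key_id)
    if autype != 2 or key is None or dlen != 16 or seq < last_seq:
        return False
    if len(packet) != length + 16:
        return False
    expected = hashlib.md5(packet[:length] + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, packet[length:])

# Constructed sample values; only the key and Key ID come from the text above.
ROUTER_ID = bytes([192, 0, 2, 1])
BODY = bytes(20)                      # stand-in for a Hello body
KEY, KEY_ID = b"r0utes-4-all", 1
PASSWORD = b"r0utes4a"                # constructed 8-byte key for the AuType 1 case

simple_pkt = build_simple(BODY, ROUTER_ID, PASSWORD)
md5_pkt = build_md5(BODY, ROUTER_ID, KEY, KEY_ID, seq=1000)
```

With AuType 1 the password is readable at bytes 16 to 23 of every packet, while the AuType 2 packet carries only the Key ID, a sequence number and a digest that the receiver recomputes from its own copy of the key.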