A network is the entry point to your applications. It provides the first gatekeepers that control access to the various servers in your environment. The servers are protected by their own operating system (OS) gatekeepers, but those should not be left to absorb attacks that could have been stopped at the network layer. It is equally important to ensure that the network gatekeepers themselves cannot be replaced or reconfigured by unauthorized users. In summary, network security involves protecting networking devices and the data they carry.
The router is the very first line of defence. Apart from routing packets, it can also be configured to block or filter traffic that is routinely abused rather than needed, such as ICMP (used for network mapping and flooding) or Simple Network Management Protocol (SNMP, used to pull device details with a guessed or default community string). Neither protocol is "vulnerable" in itself; the point is that the perimeter router can drop the message types and sources that have no business crossing it.
The areas of router configuration that need attention are:
- Patches and updates
- Protocols
- Administrative access
- Services
- Auditing and Logging
- Intrusion detection
Disabling redundant and inactive services such as CDP and the TCP and UDP "small servers" (echo, chargen, discard and daytime) improves network security. Many of these services carry security issues, each with its own level of risk: an attacker can use them to gather information about your router (CDP, for instance, advertises the platform, software version and addresses to anyone on the link) or even to attempt unauthorized access. It is therefore safer to disable every service the perimeter router does not actually use, to avoid unnecessary risk.
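As an added example (this is not configuration from the post or from the tutorials it links), here is what the two points above look like on a Cisco IOS perimeter router: the default-on services that are commonly disabled, and an inbound filter that drops SNMP from the outside and allows only the ICMP types a working path needs. The hostname, interface names, addresses and the ACL name are assumptions chosen for illustration; the commands are entered in global configuration mode.

```cisco
! Added example, not from the original post. Names and addresses are assumed.
!
! --- Weak (default) state on many IOS releases ---
! cdp run                      CDP on: leaks platform, IOS version and addresses to neighbours
! service tcp-small-servers    echo/chargen/discard/daytime on TCP 7/19/9/13
! service udp-small-servers    same on UDP; echo/chargen usable for reflection floods
! service finger / ip finger   lists logged-in users
! ip bootp server              BOOTP service nobody uses on a perimeter
! ip http server               web management reachable from the outside interface
! ip source-route              honours source-routed packets, lets a sender steer the path
! service pad                  X.25 PAD, never needed on an IP perimeter
!
! --- Hardened state: remove each service the perimeter has no use for ---
hostname edge-rtr
!
no cdp run
no service tcp-small-servers
no service udp-small-servers
no ip finger
no service finger
no ip bootp server
no ip http server
no ip http secure-server
no ip source-route
no service pad
! SNMP: remove the agent entirely unless management genuinely depends on it
no snmp-server
!
! Inbound filter for the outside interface. SNMP and SNMP traps never arrive from
! the Internet legitimately; ICMP is narrowed to what return paths need.
ip access-list extended OUTSIDE-IN
 remark Drop and log SNMP from the outside
 deny   udp any any eq snmp log
 deny   udp any any eq snmptrap log
 remark ICMP needed for ping replies, PMTUD and traceroute to keep working
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 remark Every other ICMP type is dropped and logged
 deny   icmp any any log
 remark Placeholder: a real perimeter policy is far tighter than this
 permit ip any any
!
interface GigabitEthernet0/0
 description Outside (ISP uplink)
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 no ip directed-broadcast
 no ip proxy-arp
 no ip redirects
!
end
```

After applying this, `show running-config` should no longer list the services in the "weak state" block, and `show ip access-lists OUTSIDE-IN` will show hit counts on the SNMP and ICMP deny lines, which is the quickest check that the filter is actually seeing traffic.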
Perimeter router logs are valuable for troubleshooting, capacity planning and dealing with security incidents. For security purposes, the events to log are interface status changes, system configuration changes, access list matches, and events detected by the firewall and intrusion detection features. System logging events can be reported to various destinations, each with its own limitations, for example:
- The system console port. Many console ports are unattended or connected to terminals with no historical storage, so this information may not be available when a major event has to be reconstructed.
- A local RAM buffer. Most routers can save system logging information into one, but the buffer has a fixed size, keeps only the most recent information, and loses its contents whenever the router is reloaded.
Neither destination survives a reload, so the copy that matters for incident response is the one forwarded off the router to a remote syslog server.
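The logging setup described above, as an added example that is not part of the original post or its linked tutorials: a Cisco IOS configuration that keeps the console quiet, retains the recent history in the local buffer, and sends the durable copy to a syslog server, with the interface, configuration-change and access-list events switched on. The syslog server address, interface names and the ACL name are assumptions.

```cisco
! Added example, not from the original post. Addresses and names are assumed.
!
! Timestamps: without these each line carries only an uptime counter, which is
! useless for correlating events across devices or across a reload.
service timestamps log datetime msec localtime show-timezone
service sequence-numbers
!
! Console: usually unattended and without history, so only severities 0-2 go there.
logging console critical
!
! Local RAM buffer: informational level so ACL matches (severity 6) are kept.
! Contents are still lost on reload.
logging buffered 65536 informational
!
! Remote syslog server on the inside network: the copy that survives a reload.
logging host 192.168.100.10
logging trap informational
logging source-interface GigabitEthernet0/1
! Rate-limit so a flood of denied packets cannot drown the other events;
! warnings and above are never rate-limited.
logging rate-limit 100 except warnings
!
! Configuration changes: %SYS-5-CONFIG_I is emitted on its own; the archive
! logger additionally records each command and who entered it.
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
! Interface status changes: %LINK-3-UPDOWN and %LINEPROTO-5-UPDOWN, enabled
! per interface (on by default on most platforms; this makes it explicit).
interface GigabitEthernet0/0
 description Outside (ISP uplink)
 logging event link-status
!
! Access-list matches: the "log" keyword on an entry produces %SEC-6-IPACCESSLOGP
! lines for denied packets.
ip access-list extended OUTSIDE-IN
 deny   udp any any eq snmp log
 permit ip any any
!
end
```

`show logging` confirms the buffer size, the trap level and the configured host, and the first lines it prints show how many messages have been rate-limited or dropped, which is the figure to watch when tuning the limit.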
Resources:
- http://etutorials.org/Networking/Router+firewall+security/Part+II+Managing+Access+to+Routers/Chapter+4.+Disabling+Unnecessary+Services/
- http://etutorials.org/Networking/Cisco+Certified+Security+Professional+Certification/Part+II+Securing+the+Network+Perimeter/Chapter+5+Securing+Cisco+Perimeter+Routers/Chapter+Review/
- http://etutorials.org/Networking/Cisco+Certified+Security+Professional+Certification/Part+II+Securing+the+Network+Perimeter/Chapter+5+Securing+Cisco+Perimeter+Routers/Event+Logging+on+Perimeter+Routers/
- http://msdn.microsoft.com/en-us/library/ff648651.aspx