Lot of security issues
First line of defense before firewall; hackers attack routers and servers
Critical devices - intelligence built in; single point of failure
Supports many protocols and network architectures
Isolates and controls traffic flow; can prioritize traffic
Not well-suited to time-sensitive data - video, voice
Cannot guarantee quality of service to end systems
Router table maintenance issues
Work on Layers 1, 2 and 3 - Physical, Data Link, Network
Default passwords built into routers when shipped
Access controls
Review printout of configuration files for routers connecting to external networks
Router files used to segment server networks from user networks
Router managed by another organization with routers connecting host systems and server networks to user networks
Obtain printouts of network configuration files - access lists, packet filtering, etc.
Identify and evaluate routers connecting to external networks and third party networks
Identify and evaluate routers connecting the host systems and server networks to user networks and external networks
Check routers using Ping command and Trace Route command
Determine routing table update packets are filtered and dropped
Determine ICMP and other hazardous packets are filtered and dropped
Determine updates are deactivated
Determine accurate static routing tables are maintained and duplicated
Determine routers with dedicated static paths (to vendors, etc.) allow traffic to pass only on a specified router on the connected external network
Ensure router ignores ICMP Ping redirect messages which could modify OSPF (Open Shortest Path First) routes
Filter rule implemented (router configuration changed) to detect IP Address Spoofing (packets on external interface that can spoof network by broadcasting addresses claiming to have originated on internal network)
Router port number filters set to read status flag on packets
Port number filters blocking packets trying to initiate connection from external network
Configuration backed up, secured and tested
/Home/
Services/
Links/
Newsletter