Auditing the Internet, E-Business

ROUTER DEVICES
(Interconnects networks; operates on Network layer)

Auditing for Appropriateness, Security & Management Control

EVALUATE APPROPRIATENESS

Many security issues

First line of defense before the firewall; hackers attack routers and servers

Critical devices - intelligence built in; single point of failure

Supports many protocols and network architectures

Isolates and controls traffic flow; can prioritize traffic

Not well-suited to time-sensitive data - video, voice

Cannot guarantee quality of service to end systems

Router table maintenance issues

Work on Layers 1, 2 and 3 - Physical, Data Link, Network

Default passwords built into routers when shipped

EVALUATE ADEQUACY OF ROUTER MANAGEMENT

Access controls

Review printout of configuration files for routers connecting to external networks

Router files used to segment server networks from user networks

Router managed by another organization with routers connecting host systems and server networks to user networks

EVALUATE ROUTER CONNECTIONS

Obtain printouts of network configuration files - access lists, packet filtering, etc.

Identify and evaluate routers connecting to external networks and third party networks

Identify and evaluate routers connecting the host systems and server networks to user networks and external networks

Check routers using Ping command and Trace Route command

EVALUATE ROUTING TABLES

Determine that routing table update packets are filtered and dropped

Determine that ICMP and other hazardous packets are filtered and dropped

Determine that routing table updates are deactivated

Determine that accurate static routing tables are maintained and duplicated

EVALUATE ROUTERS WITH STATIC PATHS

Determine that routers with dedicated static paths (to vendors, etc.) allow traffic to pass only through a specified router on the connected external network

REVIEW ROUTER CONFIGURATION

Ensure the router ignores ICMP redirect messages, which could modify OSPF (Open Shortest Path First) routes

Filter rule implemented (router configuration changed) to detect IP address spoofing: packets arriving on the external interface with source addresses claiming to have originated on the internal network

Router port number filters set to read the status flag on packets

Port number filters block packets trying to initiate a connection from the external network

Configuration backed up, secured and tested
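The routing-table and configuration items above (routing updates deactivated, static routes present, ICMP redirects ignored, an anti-spoofing filter on the external interface, TCP status-flag filters blocking externally initiated connections, and no default privileged password left in place) can be checked mechanically against a configuration printout. The following is an added example, not from the original page and not any vendor's tool: a small Python checker that parses a constructed, Cisco IOS-style configuration and reports which checklist items it fails. The config syntax, interface names, addresses and the set of "external" interfaces are assumptions made for illustration.

```python
import ipaddress

# Constructed sample running-config in Cisco IOS-like syntax (assumed format; not from the page).
# One external serial link, one internal LAN, an inbound ACL on the external interface,
# a RIP process left enabled (a finding) and a static default route.
SAMPLE_CONFIG = """\
hostname edge-rtr
enable secret 5 $1$PLACEHOLDER-HASH
!
interface Serial0/0
 description External link (constructed)
 ip address 203.0.113.2 255.255.255.252
 ip access-group 101 in
 no ip redirects
!
interface FastEthernet0/1
 description Internal LAN (constructed)
 ip address 10.1.1.1 255.255.255.0
!
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit tcp any any established
access-list 101 deny tcp any any
access-list 101 deny udp any any eq 520
access-list 101 deny icmp any any redirect
access-list 101 permit ip any any
!
router rip
 network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
"""


def parse_config(text):
    """Split an IOS-style config into interfaces, numbered ACL entries (as token lists),
    dynamic routing processes, static routes and the remaining global lines."""
    interfaces, acls, dynamic, static_routes, global_lines = {}, {}, [], [], []
    current = None                      # interface whose indented sub-commands we are collecting
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        if line.startswith(" "):        # indented sub-command
            if current is not None:
                interfaces[current].append(line.strip())
            continue
        current = None
        parts = line.split()
        if parts[0] == "interface":
            current = parts[1]
            interfaces[current] = []
        elif parts[0] == "access-list":
            acls.setdefault(parts[1], []).append(parts[2:])
        elif parts[0] == "router":
            dynamic.append(" ".join(parts[1:]))
        elif parts[:2] == ["ip", "route"]:
            static_routes.append(line)
        else:
            global_lines.append(line)
    return interfaces, acls, dynamic, static_routes, global_lines


def interface_network(lines):
    """Network of the interface's 'ip address A.B.C.D MASK' sub-command, or None."""
    for sub in lines:
        parts = sub.split()
        if parts[:2] == ["ip", "address"] and len(parts) >= 4:
            return ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
    return None


def acl_source(tokens):
    """Source network from the tokens following an ACL entry's protocol keyword ('any' -> None)."""
    if tokens[0] == "any":
        return None
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ wildcard)   # wildcard bits are the inverse of the mask
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False)


def audit(text, external_ifaces):
    """Return a list of finding strings for the checklist items the config fails."""
    interfaces, acls, dynamic, static_routes, global_lines = parse_config(text)
    findings = []
    if not any(g.startswith("enable secret") for g in global_lines):
        findings.append("no enable secret configured (default or blank privileged password risk)")
    for proc in dynamic:                # any dynamic routing process means updates are not deactivated
        findings.append(f"dynamic routing process '{proc}' enabled: routing updates not deactivated")
    if not static_routes:
        findings.append("no static routes configured")
    internal_nets = [interface_network(l) for n, l in interfaces.items() if n not in external_ifaces]
    internal_nets = [n for n in internal_nets if n is not None]
    for name, lines in interfaces.items():
        if "no ip redirects" not in lines:
            findings.append(f"interface {name} does not set 'no ip redirects'")
        if name not in external_ifaces:
            continue
        acl_ids = [s.split()[2] for s in lines if s.startswith("ip access-group") and s.endswith(" in")]
        if not acl_ids:
            findings.append(f"external interface {name} has no inbound access list")
            continue
        entries = [e for a in acl_ids for e in acls.get(a, [])]
        # Anti-spoofing: every internal network must be denied as a source on the external interface.
        for net in internal_nets:
            denied = any(e[0] == "deny" and e[1] == "ip" and acl_source(e[2:]) is not None
                         and net.subnet_of(acl_source(e[2:])) for e in entries)
            if not denied:
                findings.append(f"external interface {name}: inbound ACL does not deny spoofed source {net}")
        # Status-flag filter: inbound TCP permits must require the 'established' (ACK/RST) flag.
        for e in entries:
            if e[0] == "permit" and e[1] == "tcp" and "established" not in e:
                findings.append(f"external interface {name}: inbound ACL permits TCP without 'established' ({' '.join(e)})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"Serial0/0"}):
        print("FINDING:", finding)
```

Run against the constructed config, the checker reports two findings: the RIP process left enabled and the internal interface missing `no ip redirects`; the anti-spoofing deny, the `established` filter, the static default route and the `enable secret` all pass. The auditor supplies the set of external interfaces, since nothing in a config printout reliably marks which links face third parties.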

Audit Services Tel:615-790-9858 Fax: 209-797-7983 PO Box 681387, Franklin, TN 37068