ROUTER DEVICES
(Interconnects networks; operates on Network layer)
Auditing for Appropriateness, Security & Management Control
EVALUATE APPROPRIATENESS
- Many security issues; the router is the first line of defense before the firewall, and attackers target routers and servers
- Critical devices with intelligence built in; a single point of failure
- Supports many protocols and network architectures
- Isolates and controls traffic flow; can prioritize traffic
- Not well suited to time-sensitive data such as video and voice
- Cannot guarantee quality of service to end systems
- Routing table maintenance issues
- Works on Layers 1, 2 and 3 (Physical, Data Link, Network)
- Default passwords are built into routers when shipped

EVALUATE ADEQUACY OF ROUTER MANAGEMENT
- Access controls
- Review printouts of configuration files for routers connecting to external networks
- Router files used to segment server networks from user networks
- Routers managed by another organization, with routers connecting host systems and server networks to user networks

EVALUATE ROUTER CONNECTIONS
- Obtain printouts of network configuration files (access lists, packet filtering, etc.)
- Identify and evaluate routers connecting to external networks and third-party networks
- Identify and evaluate routers connecting the host systems and server networks to user networks and external networks
- Check routers using the Ping and Trace Route commands

EVALUATE ROUTING TABLES
- Determine that routing table update packets are filtered and dropped
- Determine that ICMP and other hazardous packets are filtered and dropped
- Determine that updates are deactivated
- Determine that accurate static routing tables are maintained and duplicated

EVALUATE ROUTERS WITH STATIC PATHS
- Determine that routers with dedicated static paths (to vendors, etc.) allow traffic to pass only on a specified router on the connected external network

REVIEW ROUTER CONFIGURATION
- Ensure the router ignores ICMP redirect messages, which could modify OSPF (Open Shortest Path First) routes
- Filter rule implemented (router configuration changed) to detect IP address spoofing: packets arriving on the external interface whose source addresses claim to have originated on the internal network
- Router port number filters set to read the status flag on packets
- Port number filters block packets trying to initiate a connection from the external network
- Configuration backed up, secured and tested
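Added example (not part of the original checklist): a Python audit script that applies several of the REVIEW ROUTER CONFIGURATION items to a router configuration printout. It assumes Cisco IOS-style access-list and interface syntax; the sample configuration text and the internal address range are constructed for illustration.

```python
import re

# Constructed sample printout in IOS-style syntax (not taken from any real device).
SAMPLE_CONFIG = """\
interface Serial0
 description link to external network (constructed example)
 ip access-group 101 in
!
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny icmp any any redirect
access-list 101 permit tcp any any established
access-list 101 deny tcp any any
"""

# Assumed internal address space, as IOS address/wildcard-mask pairs.
INTERNAL_NETS = ["10.0.0.0 0.255.255.255"]

def audit_router_config(config, internal_nets=INTERNAL_NETS):
    """Map each checklist item to True (control present) or False (missing)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = [ln for ln in lines if ln.startswith("access-list ")]
    # Anti-spoofing: a deny for packets whose source claims to be an internal network.
    anti_spoof = any(
        re.match(rf"access-list \d+ deny ip {re.escape(net)} any", ln)
        for ln in acls for net in internal_nets)
    # ICMP redirects: an explicit deny so incoming redirects cannot alter routes.
    icmp_redirect_dropped = any(
        re.match(r"access-list \d+ deny icmp .* redirect$", ln) for ln in acls)
    # Status flag: 'established' permits only ACK/RST packets (replies to sessions
    # started inside); the following deny blocks connections initiated from outside.
    permits_established = any(
        re.match(r"access-list \d+ permit tcp .* established$", ln) for ln in acls)
    denies_other_tcp = any(
        re.match(r"access-list \d+ deny tcp any any$", ln) for ln in acls)
    # An access list only filters traffic if it is applied inbound on an interface.
    acl_applied = any(re.match(r"ip access-group \d+ in$", ln) for ln in lines)
    return {
        "anti_spoofing_filter": anti_spoof,
        "icmp_redirect_dropped": icmp_redirect_dropped,
        "blocks_external_initiated_tcp": permits_established and denies_other_tcp,
        "acl_applied_inbound": acl_applied,
    }

def failed_items(config, internal_nets=INTERNAL_NETS):
    """Checklist items the printout fails, for the audit working papers."""
    return [item for item, ok in audit_router_config(config, internal_nets).items() if not ok]

if __name__ == "__main__":
    print(failed_items(SAMPLE_CONFIG) or "all configuration checks present")
```

Run it against the text of a real `show running-config` printout to list the missing controls; a finding for any item still needs confirmation on the device, since the script only reads the printout.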