Check | Description |
---|---|
| Latest patches and updates are installed. |
| You subscribed to router vendor's security notification service. |
| Known vulnerable ports are blocked. |
| Ingress and egress filtering is enabled. Incoming and outgoing packets are confirmed as coming from public or internal networks. |
| ICMP traffic is screened from the internal network. |
| Administration interfaces to the router are enumerated and secured. |
| Web- facing administration is disabled. |
| Directed broadcast traffic is not received or forwarded. |
| Unused services are disabled (for example, TFTP). |
| Strong passwords are used. |
| Logging is enabled and audited for unusual traffic or patterns. |
| Large ping packets are screened. |
| Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router. |