Chapter 4. Routing

   

Router security has traditionally been of little concern to network administrators. Routers, for the most part, simply run. They forward packets across the WAN and do not usually cause, or exacerbate, security problems.

That thinking has changed a lot over the last few years. As attackers become more network savvy, they realize that routers often make excellent targets. This is especially true for small companies that do not have dedicated network support staff. Often default router access passwords are left in place, or default SNMP passwords are unchanged. Even if a password is changed, many administrators will continue to telnet to the router, leaving their login and password information available to anyone with a sniffer.

In addition to the lack of system security, attackers find that routers are good targets because they generally sit outside the firewall and oftentimes access and configuration data are not logged.

Routers are also fast. An attacker who gains access to a router can often use it to launch DoS attacks against other servers. A more nefarious attacker may decide to route all traffic from the router to a network controlled by the attacker, allowing him or her to sniff all data coming from the compromised network.

If nothing else, an attacker who gains access to a router will have detailed information about a network, and, if TFTP is used to back up router configuration, will know of a server with at least one vulnerable service.

The goal of router security should be to make the router the first line of defense against an attacker. This entails not only securing the router, but also using it as a tool to help prevent the attacker from ever reaching the network. If an attacker is prevented from gaining access to the network at the edge, it places less of a burden on the firewalls or the servers.

   


The Practice of Network Security. Deployment Strategies for Production Environments
ISBN: 0130462233
EAN: 2147483647
Year: 2002
Pages: 131
Authors: Allan Liska
