Chapter 6. The Role of a Router


A router is a device that interconnects two or more networks. Because of its role as a gateway between networks, it becomes a focal point of your network's security. Just like any entranceway to a secured perimeter, efforts must be made to reinforce the router's defenses to ensure your environment's safety.

The role that the router plays in your infrastructure's security depends greatly on its placement and the networks it joins together. The router might be a simple border device that joins your network to the Internet and relies on a firewall behind it to take care of the majority of the security concerns. Or perhaps the router is used as the lone perimeter security device for a small or low-risk network or a network subsegment. In either case, the main function of a router is the forwarding of packets from one network segment to another. Depending on the implementation you choose, you might strive to have the router focus on routing and perform routine security tasks as part of a larger defense-in-depth posture. Conversely, you could implement the router as an all-in-one perimeter security solution in an environment that has no other protection and reinforce this environment with additional defense in depth.

In this chapter, we discuss the router, its functions as a component of defense in depth, ways to implement it as an all-in-one security solution, and ways to protect the router through various hardening techniques. All examples use Cisco routers (Internetwork Operating System, or IOS, version 12.1 or greater), although the principles demonstrated could be applied to almost any brand of equivalent router.



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    EAN: 2147483647
    Year: 2005
    Pages: 230
