Network Configuration


The goal for this phase of the review is to identify vulnerabilities in the configuration of your network. For further background information about the issues raised by the review questions in this section, see Chapter 15, "Securing Your Network."

To help focus and structure the review process, the review questions have been divided into the following configuration categories:

  • Router

  • Firewall

  • Switch

Router

Use the following questions to review your router configuration:

  • Have you applied the latest patches and updates?

    Check with the networking hardware manufacturer to ensure you have the latest patches.

  • Do you use Ingress and Egress filtering?

    For more information, see "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," at http://www.rfc-editor.org/rfc/rfc2267.txt.

  • Do you block ICMP traffic?

    Make sure you block Internet Control Message Protocol (ICMP) traffic at the outer perimeter router to prevent attacks such as cascading ping floods and other potential ICMP vulnerabilities.

  • Do you prevent time-to-live (TTL) expired messages with values of 0 or 1?

    This prevents information disclosure caused by route tracing.

  • Do you receive or forward broadcast traffic?

    Source addresses that should be filtered are shown in Table 22.1.

    Table 22.1: Source Addresses that Should Be Filtered

    Source Address        Description
    0.0.0.0/8             Historical broadcast
    10.0.0.0/8            RFC 1918 private network
    127.0.0.0/8           Loopback
    169.254.0.0/16        Link local networks
    172.16.0.0/12         RFC 1918 private network
    192.0.2.0/24          TEST-NET
    192.168.0.0/16        RFC 1918 private network
    224.0.0.0/4           Class D multicast
    240.0.0.0/5           Class E reserved
    248.0.0.0/5           Unallocated
    255.255.255.255/32    Broadcast

  • Have you disabled unused interfaces?

    Make sure that only the required interfaces are enabled on the router.

  • Do you use strong password policies?

    You should use strong password policies to mitigate the risks posed by brute force and dictionary attacks.

  • Do you use static routing?

    When you use static routes, an attacker must first compromise an administrative interface to make routing changes.

  • Do you audit Web-facing administrative interfaces?

    When possible, shut down the external administration interface and use internal access methods with ACLs.

  • Do you use the logging features of your router?

    Check that your routers log all deny actions.

  • Do you use an Intrusion Detection System?

    Intrusion Detection Systems (IDSs) can show where the perpetrator is attempting attacks.
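
The filtering questions above and Table 22.1 can be turned into a repeatable review check. The following Python sketch is an added example, not code from the original guide: it classifies a source address against the Table 22.1 prefixes and reports which table entries a router's deny list does not fully cover. The function names and the sample deny list are constructed for illustration.

```python
import ipaddress

# Table 22.1 from this page: source prefixes to filter at the perimeter.
TABLE_22_1 = [
    ("0.0.0.0/8", "Historical broadcast"),
    ("10.0.0.0/8", "RFC 1918 private network"),
    ("127.0.0.0/8", "Loopback"),
    ("169.254.0.0/16", "Link local networks"),
    ("172.16.0.0/12", "RFC 1918 private network"),
    ("192.0.2.0/24", "TEST-NET"),
    ("192.168.0.0/16", "RFC 1918 private network"),
    ("224.0.0.0/4", "Class D multicast"),
    ("240.0.0.0/5", "Class E reserved"),
    ("248.0.0.0/5", "Unallocated"),
    ("255.255.255.255/32", "Broadcast"),
]
FILTERED = [(ipaddress.ip_network(p), d) for p, d in TABLE_22_1]

def match_filtered(src):
    """Return (prefix, description) of the first table entry containing src, else None."""
    addr = ipaddress.ip_address(src)
    for net, desc in FILTERED:
        if addr in net:
            return str(net), desc
    return None

def uncovered(deny_prefixes):
    """Return the Table 22.1 prefixes that the deny rules do not fully cover."""
    denies = [ipaddress.ip_network(p) for p in deny_prefixes]
    missing = []
    for net, _ in FILTERED:
        if any(net.subnet_of(d) for d in denies):
            continue  # a single rule (equal or wider) covers the whole entry
        # Otherwise, see whether narrower rules merge into the full entry.
        parts = [d for d in denies if d.subnet_of(net)]
        if list(ipaddress.collapse_addresses(parts)) != [net]:
            missing.append(str(net))
    return missing

# Constructed sample: source prefixes denied by a hypothetical inbound ACL.
SAMPLE_DENY = ["10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/13",
               "172.24.0.0/13", "192.168.0.0/16", "224.0.0.0/3"]

if __name__ == "__main__":
    for src in ("192.168.1.10", "169.254.10.1", "8.8.8.8"):  # constructed
        print(src, "->", match_filtered(src))
    print("Not covered by deny list:", uncovered(SAMPLE_DENY))
```

The coverage check accepts either one wider rule or several narrower rules that together span a table entry, so a deny list written with different prefix lengths is still assessed correctly.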

Firewall

Use the following questions to review your firewall configuration:

  • Have you applied the latest patches and updates?

    Check with the networking hardware manufacturer to ensure you have the latest patches.

  • Do you log all traffic that flows through the firewall?

  • How often do you cycle logs?

    Ensure that you maintain healthy log cycling that allows quick data analysis.

  • Is the firewall clock synchronized with the other network hardware?

Switch

Use the following questions to review your switch configuration:

  • Have you applied the latest patches and updates?

    Check with the networking hardware manufacturer to ensure that you have the latest patches.

  • Have you disabled factory default settings?

    To make sure that insecure defaults are secured, check that you have changed all factory default passwords and Simple Network Management Protocol (SNMP) community strings to prevent network enumeration or total control of the switch.

  • Have you disabled unused services?

    Make sure that all unused services are disabled. Also, make sure that Trivial File Transfer Protocol (TFTP) is disabled, Internet-facing administration points are removed, and ACLs are configured to limit administrative access.




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
