Saturday, July 28, 2012
- To protect routers, Layer 3 forwarding (IP routing), and the Layer 3 control plane (routing protocols), RFCs 2827 and 3704 outline additional types of protection.
- RFC 2827 addresses issues with the use of the IP source and destination fields in the IP header to form some kind of attack.
- RFC 3704 details some issues related to how the tools of RFC 2827 may be best deployed over the Internet.
Key Layer 3 security recommendations from the SAFE blueprint:
- Use Secure Shell (SSH) to provide secure, Telnet-like access to the router user interface.
- Enable SNMP security, particularly adding SNMPv3 support
- Turn off all unnecessary services on the router platform
- Turn on logging to provide an audit trail
- Enable routing protocol authentication
- Enable the CEF forwarding path to avoid using flow-based paths like fast switching
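
As an added illustration (not from the original post or the SAFE blueprint), the Python sketch below checks a Cisco IOS-style configuration against the six recommendations above. The two sample configurations, the list of services treated as unnecessary, and the matching patterns are assumptions made for this example.

```python
import re

# Constructed IOS-style configs for illustration; not taken from the original page.
WEAK = """\
service tcp-small-servers
ip http server
no ip cef
snmp-server community public RO
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
line vty 0 4
 transport input telnet ssh
"""
HARDENED = """\
no ip http server
ip cef
snmp-server group NETOPS v3 priv
logging host 192.0.2.10
interface GigabitEthernet0/0
 ip ospf message-digest-key 1 md5 <key-placeholder>
router ospf 1
 area 0 authentication message-digest
line vty 0 4
 transport input ssh
"""

# Assumed audit heuristics: the service list and regexes are this example's choices.
UNNEEDED = r"^(service (tcp|udp)-small-servers|ip http server|ip finger|ip bootp server)\b"
ROUTING = r"^router (ospf|eigrp|rip|bgp)\b"
RP_AUTH = (r"^(ip ospf (authentication|message-digest-key)|area \S+ authentication|"
           r"ip authentication mode eigrp|ip rip authentication|neighbor \S+ password)\b")

def audit(config: str) -> dict:
    """Map each of the six recommendations to True (met) or False (not met)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def has(pat):
        return any(re.search(pat, l) for l in lines)
    transports = [l.split()[2:] for l in lines if l.startswith("transport input")]
    return {
        "ssh_only_access": bool(transports) and all(t == ["ssh"] for t in transports),
        "snmpv3": has(r"^snmp-server group \S+ v3 (auth|priv)\b")
                  and not has(r"^snmp-server community\b"),
        "unneeded_services_off": not has(UNNEEDED),
        "logging_on": has(r"^logging (host|buffered|\d)"),
        "routing_auth": not has(ROUTING) or has(RP_AUTH),
        "cef_enabled": has(r"^ip cef\b") and not has(r"^no ip cef\b"),
    }

def failures(config: str) -> list:
    return sorted(k for k, ok in audit(config).items() if not ok)
```

Calling `failures()` on a saved running configuration lists the recommendations that are not met; an empty list means all six checks passed under these heuristics.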