5.10.3 Router Security

Securing Routers: Comprehensive Security Measures

General Security Actions for Routers

  • Change Factory Defaults:

    • Alter default settings to enhance security.

    • Update default manufacturer’s username and password.

    • Encrypt the new password.

    • Employ a complex password that meets the following criteria:

    • Greater than 8 characters length.

    • Combination of different character types (numbers, symbols).

    • Avoid using easily guessed words or variations of words, including username derivatives.

  • Change Default Network Address:

    • Recognize and modify default network addresses such as (192.168.1.1)(192.168.1.1) or (10.0.0.1)(10.0.0.1).

Use of Secure Protocols

  • Utilize Encrypted Protocols:

    • Employ protocols that maintain data security during device management:

    • Secure Shell (SSH):

      • Provides secure interactive control of remote systems.

      • Utilizes RSA public key cryptography for both connection establishment and user authentication.

      • Can also furnish security services for other protocols.

    • Secure Copy Protocol (SCP):

      • Facilitates secure file transfer leveraging SSH's security features.

  • Avoid Insecure Protocols:

    • Do not use unsecured protocols such as HTTP, Telnet, FTP, or TFTP due to their tendency to transmit data as clear text.

  • Secure Router Management:

    • Ideally, connect to the router's console port for management, creating a direct link that cannot be intercepted by other network hosts.

  • UPnP Caution:

    • Use Universal Plug and Play (UPnP) cautiously, ensuring firmware is up-to-date and connected devices are free from malware.

Implementing Physical Security

  • Ensure Physical Access Control:

    • Devices should be secured in a locked area to prevent unauthorized access.

    • Recognize that physical access can undermine configured digital security.

  • Physical Security Measures:

    • Recommended physical security implementations include:

    • Perimeter barriers (fencing, gates).

    • Closed-circuit television (CCTV) surveillance.

    • Secure doors with locks.

    • Maintain physical access logs.

    • Establish physical access controls to monitor entry.

Configuration Management

  • Secure Configuration File:

    • Store configuration files in encrypted formats if possible.

    • Back up files to a secure location to prevent data loss.

  • Update Firmware:

    • Upon initially configuring a router, promptly update its firmware.

    • Updates address & rectify known vulnerabilities.

Anti-Spoofing Measures

  • Implement Anti-Spoofing Rules:

    • Utilize rules that protect against spoofing attacks where misleading source addresses are employed in IP packets.

    • Such rules analyze the origin of the IP packets and ensure they align with expected source addresses to mitigate attacks.

  • Typical Anti-Spoofing Rule Structure:

    • Interface: Any external interface

    • Destination: Any

    • Security Measure Direction: Inbound

    • Service: Any

    • Action: Deny traffic with a matched rule.

Access Control Lists (ACLs)

  • Utilize Router ACLs:

    • ACLs enhance security by controlling traffic flow similarly to a firewall at the router level.

    • ACLs filter traffic based on specific conditions and determine whether to block or forward data.

  • ACL Functionality:

    • Packet information like source and destination IP addresses, port numbers, and protocol type guides the decision-making process.

    • ACLs are key to traffic control in network devices, improving both security and efficiency.

Network Segmentation

  • Role of Routers in Network Segmentation:

    • Segmentation is vital in enhancing security within an enterprise environment.

    • It limits the impact of potential cybersecurity incidents by creating isolated systems.

  • Benefits of Segmentation:

    • Reduces propagation of attacks or malware by restricting movement within the network.

    • It offers distinct security controls and access permissions for each segment.

    • Provides a crucial response window for organizations to detect and address breaches.

    • Facilitates more granular data access control, ensuring confidentiality and integrity.

Device Isolation

  • Definition of Device Isolation:

    • Segregating individual devices to control interactions with others in a network environment.

  • Purpose of Device Isolation:

    • Enhances endpoint protection by curtailing lateral movement of threats—if one device is compromised, others remain unaffected.

  • Importance of Isolation:

    • Minimizes the attack surface and the impact of breaches, especially against wide-spread threats like worms or ransomware.

    • Ensures that compromised devices can't access or interfere with the entirety of the network system.