January 17, 2012

1.2.4 Secure Router Configuration

One of the most important things you can do to secure your network is make sure you secure the router. To securely configure the router, you must do the following:

  • Validate a network design before implementation. Document your environment.
  • Change the Default Password. The password for the administrator is set before the router leaves the factory. Employ good password principles and change it to a value that only you know.
  • Walk through the Advanced Settings. These settings will differ based on the router manufacturer and type but often include settings to block ping requests, perform MAC filtering, and so on.
  • Keep the Firmware Upgraded. Router manufacturers often issue patches when problems are discovered. 

Always remember to back up your router configuration before making any significant changes. When transferring a configuration, always use a secure method where available. Transfer protocols include: TFTP (cleartext), SCP (encrypted) and HTTPS (encrypted).

Physically secure your router. Additionally all router ports, both console ports and inbound ports should be secure.

Router configuration changes should be done from the console and not a remote location.

References:

  • Security+ Guide to Network Security Fundamentals, Fourth Edition
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment