For most enterprise LANs, routers have become one of the most important security devices in use. Generally, a network has a single primary access point: the "virtual border router", which is usually paired with a dedicated firewall.
After proper configuration, an edge router can keep almost all of the most stubborn bad actors out of the network, and if you want it to, it can also let legitimate users in. However, a router without proper configuration is scarcely better than no security measures at all.
In the following guide, we look at nine practical steps you can use to protect your network. These steps ensure that you have a brick wall protecting your network, rather than an open door.
1. Change the default password!
According to surveys, 80% of security breaches are caused by weak passwords. Extensive lists of default passwords for most routers are available on the Internet, and you can be sure that someone, somewhere, knows your birthday. The SecurityStats.com website maintains a detailed list of usable/unusable passwords and a password strength test.
2. Disable IP directed broadcast
Your server is obedient: it does what it is told, no matter who sends the command. A Smurf attack is a DoS attack in which the attacker sends an "ICMP echo" request with a forged source address to your network's broadcast address, which asks every host to answer the broadcast. At the very least, this degrades your network's performance.
Refer to your router's documentation to learn how to disable IP directed broadcast. For example, on a Cisco router the interface-level command "Central(config-if)# no ip directed-broadcast" disables directed broadcasts on that interface.
3. If possible, disable the router's HTTP configuration interface.
As Cisco's technical documentation explains, the authentication used by HTTP amounts to sending an unencrypted password across the whole network. Unfortunately, HTTP has no effective provision for stronger password verification or one-time passwords.
Although this unencrypted password may be convenient for configuring your router from a remote location (such as from home), anyone else can do the same thing you can, especially if you are still using the default password! If you must manage the router remotely, make sure you use SNMPv3 or a later version, because it supports stronger authentication.
4. Block ICMP ping requests
The main purpose of ping is to identify which hosts are currently active, so it is commonly used for reconnaissance before a large-scale coordinated attack. By removing remote users' ability to get a ping reply, you can easily avoid unnoticed scanning and deter "script kiddies" (attackers running ready-made scripts against easy targets).
Note that this does not actually protect your network from attack, but it makes you less likely to be chosen as a target.
5. Disable IP source routing
The IP protocol allows a host to specify the route a packet takes through your network, rather than letting the network components determine the best path. The legitimate use of this feature is diagnosing connectivity faults, but it is rarely needed. It is most commonly used to map your network for reconnaissance, or by attackers looking for a back door into your private network. Disable this feature unless you have enabled it specifically, and only, for fault diagnosis.
6. Determine your packet filtering requirements
There are two approaches to blocking ports; which one suits your network depends on your security requirements.
A highly secure network, especially one that stores or handles confidential data, usually requires filtering by permission: all ports and IP addresses are blocked except those needed for network functions. For example, port 80 for web traffic and ports 110 and 25 for mail (POP3 and SMTP) are allowed from specified addresses, and all other ports and addresses are disabled.
Most networks get an acceptable level of security from the "filter by rejection" approach. With this policy you block the ports that are not used on your network and the ports commonly used by Trojans or probing activity. For example, blocking ports 139 and 445 (TCP and UDP) makes it harder for hackers to attack your network, and blocking port 31337 (TCP and UDP) makes it harder for the Back Orifice Trojan to do so.
This should be decided in the network planning phase, when the required security level is matched to the needs of network users. Consult a list of well-known ports to understand their normal uses.
7. Establish an address filtering policy for permitted entry and exit
Create a policy on your border router that filters inbound and outbound traffic by IP address. Except in special cases, every IP address that attempts to reach the Internet from inside your network should be an address assigned to your LAN. For example, the address 192.168.0.1 may legitimately access the Internet through this router, while the address 216.239.55.99 would be spoofed and probably part of an attack.
Conversely, the source addresses of traffic arriving from the Internet should not belong to your internal network, so addresses such as 192.168.X.X, 172.16.X.X, and 10.X.X.X must be blocked.
Finally, all traffic whose source or destination address is non-routable should not be allowed through the router. This includes the loopback address 127.0.0.1 and class E addresses.
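The ingress/egress address checks of this step, written out as an added example (not code from the article). It assumes a constructed LAN of 192.168.0.0/24 behind the border router; the private, loopback and class E ranges are those named above.

```python
import ipaddress

# Constructed example value: the LAN behind the border router is
# 192.168.0.0/24 (the article's 192.168.0.1 falls inside it).
LAN = ipaddress.ip_network("192.168.0.0/24")

# Private ranges from step 7: never a valid source on traffic arriving
# from the Internet.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Non-routable ranges (loopback and class E): dropped in either direction
# whether they appear as source or destination.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "240.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(direction, src, dst):
    """Decide whether the border router should forward a packet.

    direction is "out" (LAN -> Internet) or "in" (Internet -> LAN).
    Returns (allowed, reason).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(s, NON_ROUTABLE) or _in_any(d, NON_ROUTABLE):
        return False, "non-routable source or destination"
    if direction == "out":
        # Egress: only addresses assigned to our LAN may leave.
        if s not in LAN:
            return False, "source not assigned to our LAN (spoofed)"
        return True, "egress ok"
    if direction == "in":
        # Ingress: traffic from the Internet must not claim an internal source.
        if _in_any(s, PRIVATE):
            return False, "private source address from the Internet"
        return True, "ingress ok"
    raise ValueError(f"unknown direction {direction!r}")


if __name__ == "__main__":
    # Constructed sample packets mirroring the article's examples.
    for pkt in [("out", "192.168.0.1", "203.0.113.5"),
                ("out", "216.239.55.99", "203.0.113.5"),
                ("in", "10.4.4.4", "192.168.0.10"),
                ("in", "127.0.0.1", "192.168.0.10"),
                ("in", "198.51.100.7", "192.168.0.10")]:
        print(pkt, "->", filter_packet(*pkt))
```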
8. Maintain the physical security of the router
From the perspective of network sniffing, routers are safer than hubs, because a router forwards packets intelligently based on IP address, whereas a hub repeats data to all of its ports. If a system connected to a hub puts its network adapter into promiscuous mode, it can receive and see all of that traffic, including passwords, POP3 sessions, and web traffic.
It is therefore important to physically secure access to your network equipment, so that unauthorized laptops and other sniffing devices cannot be attached to your local subnet.
9. Spend time reviewing the security logs
Reviewing your router's logs (using its built-in firewall function) is the most effective way to identify security events, whether ongoing attacks or the preparation for future ones. By logging outbound traffic you can also find Trojans and spyware that attempt to open connections to the outside. Attentive security administrators detected the "Code Red" and "Nimda" attacks before the antivirus vendors could respond.
In addition, because the router generally sits at the edge of your network, it lets you see all traffic entering and leaving your network.
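A small log review of the kind step 9 recommends, as an added example (not the article's code): it parses constructed sample lines in the style of Cisco IOS ACL logging and flags internal hosts that tried to reach the Back Orifice port from step 6, plus external sources probing the blocked ports 139/445. The LAN prefix 192.168.0.0/24 and the log lines are assumptions for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of Cisco IOS ACL logging; they are
# hypothetical and not captured from a real device.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.0.23(1043) -> 203.0.113.9(31337), 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(2345) -> 192.168.0.5(445), 3 packets
%SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(2346) -> 192.168.0.6(139), 1 packet
%SEC-6-IPACCESSLOGP: list 110 permitted tcp 192.168.0.23(1044) -> 203.0.113.9(80), 12 packets
%SEC-6-IPACCESSLOGP: list 110 denied udp 192.168.0.40(1100) -> 203.0.113.9(31337), 2 packets
"""

LINE_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packet"
)

LAN = ipaddress.ip_network("192.168.0.0/24")  # constructed LAN, as in step 7
TROJAN_PORTS = {31337}                       # Back Orifice (step 6)
PROBE_PORTS = {139, 445}                     # NetBIOS/SMB probes (step 6)


def parse_line(line):
    """Return a dict for one ACL log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def review(log_text):
    """Summarise denied traffic: internal hosts calling Trojan ports and
    external sources probing blocked ports. Returns two Counters of packets."""
    suspect_hosts, probes = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "denied":
            continue
        outbound = ipaddress.ip_address(rec["src"]) in LAN
        if outbound and rec["dport"] in TROJAN_PORTS:
            suspect_hosts[rec["src"]] += rec["count"]
        elif not outbound and rec["dport"] in PROBE_PORTS:
            probes[rec["src"]] += rec["count"]
    return suspect_hosts, probes
```

Calling review(SAMPLE_LOG) yields two internal hosts that attempted connections to port 31337 and one external source that probed 139/445, which is exactly the kind of finding the outbound and inbound logs are meant to surface.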