
securitywing


Cisco Router Security Check for Auditor

by wing

Since the router is the key to accessing an organization’s network from the outside world, the highest security priority should be given to routers that are connected to the Internet and to important application servers. ISO-27001 has already defined a standard router security checklist, which any organization can use to improve its router security. This post aims to familiarize you with some critical router security checks so that you can have an in-depth and clear understanding of router security standards.


To secure your router, first identify whether there is a router security policy in place; if not, help your organization or department devise its own router security principles. The following are the major checklist items that any auditor needs to examine while auditing router security.

  • Check whether unused router interfaces are disabled. Any unused router port needs to be disabled; if it is not, you can shut it down with the shutdown command.
  • Check whether DNS lookups are turned on or off for the router. This service is enabled by default on most routers, and in most cases it is not required. You can disable it with the “no ip domain-lookup” command.
  • Both TCP and UDP small server services need to be disabled. To disable this service, use the command “no service udp-small-servers” on Cisco routers.
  • Check that the enable secret command is in place, so that the password used to enter enable mode is stored as an MD5 hash.
  • The enable secret password should be unique for each router and should not match any other user name or password in the network.
  • The MOTD login banner should be enabled.
  • Make sure “exec-timeout” and “password” are defined in the vty lines of the router configuration file.
  • If vty lines are used for Telnet access to your router, make sure the vty lines are accessible only from a certain range of IP addresses (this can be implemented using an access list).
  • Find out how often router passwords and user names are changed; the typical interval is once every 3-6 months, depending on the role of the router.
  • Identify router password complexity: minimum 8 characters, and should be alphanumeric with special characters and numbers.
  • Check whether Telnet is used instead of SSH. SSH is the preferred protocol, since it encrypts all the data passing through an SSH session.
  • Well-documented procedures for creating users must be in place.
  • Check whether the router is enabled for tracking login and logout information. If not, use Router(config)#aaa accounting exec default start-stop group tacacs+
  • Check SNMP configuration parameters: SNMP needs to be permitted only for a certain class of IP addresses, and the default community strings (public, private) must be changed when the router comes online for the first time in the network.
  • Check how frequently the SNMP community string is changed.
  • Make sure there is an access list in place to ensure that only administrators are able to receive the syslog and only their systems have access to the log host machine.
  • Make sure TFTP is disabled if not in use.
  • Check whether there are documented procedures to back up router data.
  • Is there a redundant router, either hot or cold standby?
  • Documentation of router recovery plan must be in place.
  • What is the action plan if any malicious activity is noticed?
  • Router CPU/memory utilization report monitoring.
  • Check whether your network engineers are aware of the latest network security threats and vulnerabilities.

The above-mentioned checklist items are in compliance with ISO-27001 security requirements to secure a router. For details about router auditing, you may visit the ISO website.


Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com