Since the router is the key to accessing an organization's network from the outside world, the highest security priority should be given to routers that are connected to the Internet and to important application servers. ISO-27001 has already defined a standard router security checklist, which any organization can use to improve its router security. This post aims to familiarize you with some critical router security checklist items so that you have an in-depth and clear understanding of router security standards.
To secure your router, first identify whether any router security policy is in place; if not, help your organization or department devise its own router security principles. The following are the major checklist items that any auditor needs to examine when auditing router security.
- Check whether any unused router interfaces are still enabled. Any unused router ports need to be disabled; you can shut down an unused interface with the shutdown command.
- Check whether DNS lookups on the router are turned on or off. This service is enabled on most routers by default, and in most cases it is not required. You can disable it with the "no ip domain-lookup" command.
- Both the TCP and UDP small server services need to be disabled. On Cisco routers, use the commands "no service tcp-small-servers" and "no service udp-small-servers".
- Check that the enable secret command is in place, so that the password used to enter enable mode is stored as an MD5 hash.
- The enable secret password should be unique for each router and should not match any other username or password on any network.
- A MOTD login banner should be enabled.
- Make sure "exec-timeout" and "password" are defined on the vty lines of the router configuration file.
- If vty lines are used for Telnet access to your router, make sure the vty lines are accessible only from a certain range of IP addresses (this can be implemented using an access list).
- Find out how often router passwords and usernames are changed; a typical interval is once every 3-6 months, depending on the role of the router.
- Identify the router password complexity requirements: minimum 8 characters, alphanumeric, including special characters and numbers.
- Check whether Telnet is used instead of SSH. SSH is the preferred protocol over Telnet, since it encrypts all data passing through the SSH session.
- Well-documented procedures for creating users must be in place.
- Check whether the router is enabled for tracking of login and logout information. If not, use Router(config)#aaa accounting exec default start-stop group tacacs+
- Check the SNMP configuration parameters: SNMP access needs to be permitted only for a certain range of IP addresses, and the default community strings (public, private) must be changed when the router comes online in the network for the first time.
- Check how frequently the SNMP community string is changed.
- Make sure an access list is in place to ensure that only administrators are able to receive the syslog messages and only their systems have access to the log host machine.
- Make sure TFTP is disabled if it is not in use.
- Check whether there are documented procedures for backing up router data.
- Is there a redundant router, either hot or cold standby?
- Documentation of the router recovery plan must be in place.
- What is the action plan if any malicious activity is noticed?
- Monitoring of router CPU/memory utilization reports.
- Check whether your network engineers are aware of the latest network security threats and vulnerabilities.
All the above-mentioned checklist items are in compliance with the ISO-27001 security requirements for securing a router. For details about router auditing, you may visit the ISO website.