This article can also be found in the Premium Editorial Download "Information Security magazine: Screen test: App-layer controls beef up perimeter firewalls."
Download it now to read this article plus other related content.
Enterprises have hardened their perimeters with VPNs, firewalls and intrusion detection systems, but organizations need to focus more on securing routing protocols, the fundamental element of any corporate network, typically
There are basic precautions everyone should take to control physical and logical access to routers. But these measures target the router itself, leaving the routing protocol communication unprotected, in part because security wasn't an explicit consideration when routing protocols evolved in the '80s and '90s. Many of the access control mechanisms inherent in routing protocols exist to avoid routing loops, not to deter malicious users from injecting false routing information.
Nevertheless, by using combinations of route filtering and cryptographic authentication, you can defend your network against intruders bent on injecting invalid routing information to disrupt your network or view critical corporate data.
In the March issue of Information Security magazine, we look at how vulnerable routing protocols are to man-in-the-middle attacks and hijacked sessions and, more importantly, what can be done to reduce those risks.
The key to securing the core routing infrastructure is access control. At a minimum, the following controls should be deployed:
- Limit physical access to routers to authorized personnel.
- Use encrypted access, such as SSH, to communicate with routers.
- If there's a reason to use unencrypted access, such as Telnet, limit the access to specific trusted hosts. If possible, authentication should be based on a one-time password scheme.
- Have a generic login prompt with no information pertaining to system type or vendor name so a potential attacker won't easily be able to exploit a vulnerability against a specific operating system or vendor.
- Log all activity, such as configuration changes and image upgrades, to help detect illegal activity.
- Disable HTTP and SNMP access if they aren't used.
Read the full Information Security magazine feature on securing routing protocols.