Router vulnerabilities are a persistent problem. What basic steps should enterprises take to improve router security, beyond just changing the default passwords? Are there specific checks they should run on their network devices?
Routers are the gateways to your networks, and they're often the first devices compromised when an attacker gets in. Because of this, a router should be hardened as much as possible before it's put on your network. With this in mind, there are a few areas we can focus on to improve network device security.
The first step is to place these systems squarely within the network vulnerability management process. This means running authorized, credentialed scans of the routers with an account that can log in to the device (an unauthenticated scan only sees what the router exposes, not what it runs) and then determining what risks the scan reveals: missing patches, insecure protocols still enabled, software images several versions behind and so on. A solid, scheduled risk assessment of your routers gives you a clear picture of where the risks are and what needs to change, and lets you track progress as metrics.
Along the same lines, there are tools that connect to network equipment and review router configurations and rule sets against security and compliance baselines. This is a higher level of network device security than vulnerability management, since it reviews the device's actual rule set and makes recommendations based on best practices. It's something to strive for, but verifying that the routers are free of known vulnerabilities should be the first priority.
However, part of the process described above relies on tools your organization might not have. If that's the case, start by reviewing a few things yourself.
First, port scan the router with the free tool Nmap to determine which ports are actually open. Scan from the side each interface faces: a scan of the external interface from outside the perimeter should show only a handful of open ports, ideally nothing beyond what you deliberately expose. Include UDP in the scan as well as TCP, since management services such as SNMP listen on UDP and a TCP-only scan will miss them.
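The check described above, written out as a small script that compares Nmap's findings for one interface against the short list of ports that interface is meant to expose. This is an added example and not code from the original article; the router address 203.0.113.1, the allowlist and the sample scan output are assumptions constructed for it.

```shell
#!/bin/sh
# Added example, not from the original article: compare what an Nmap scan of a
# router interface reports as open against the short list of ports that
# interface is meant to expose. The address 203.0.113.1 and the allowlist are
# assumptions for this example.
#
# Against a real device (run from the side the interface faces, e.g. from
# outside the perimeter for the WAN interface; SYN and UDP scans need root):
#   sudo nmap -sS -sU -p T:1-1024,8080,8443,U:161,162,500 -oG - 203.0.113.1 \
#       | unexpected_ports "22/tcp 443/tcp"

# unexpected_ports "<space-separated port/proto allowlist>"  < nmap -oG output
# Prints every open port/proto pair that is not on the allowlist, space-separated
# on one line, and returns 1 if there were any (0 if the interface is clean).
unexpected_ports() {
    allow=" $1 "
    bad=""
    # -oG reports "Ports: 22/open/tcp//ssh///, 23/open/tcp//telnet///, ..."
    # with fields port/state/proto/owner/service/rpc/version; keep "open" only
    # (open|filtered UDP results are deliberately ignored here).
    for entry in $(sed -n 's/.*Ports: //p' | tr ',' '\n' | tr -d ' \t' |
                   awk -F/ '$2 == "open" { print $1 "/" $3 }'); do
        case "$allow" in
            *" $entry "*) ;;                  # expected on this interface
            *) bad="${bad:+$bad }$entry" ;;   # not on the allowlist
        esac
    done
    printf '%s\n' "$bad"
    [ -z "$bad" ]
}

# Constructed sample of nmap -oG output (not a real scan): a router whose WAN
# side still answers on Telnet, plain HTTP and SNMP.
SAMPLE='Host: 203.0.113.1 ()  Ports: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///, 161/open/udp//snmp///  Ignored State: closed (1020)'

# What this router's external interface is allowed to expose: SSH (limited to
# management sources by the router's own access list, enforced separately) and
# HTTPS. SNMP belongs on the inside, so 161/udp is deliberately absent.
ALLOW="22/tcp 443/tcp"

if result=$(printf '%s\n' "$SAMPLE" | unexpected_ports "$ALLOW"); then
    echo "external interface exposes only expected ports"
else
    echo "unexpected open ports on external interface: $result"
fi
```

Run it as-is to see the constructed sample flagged (23/tcp, 80/tcp and 161/udp), or pipe a real `nmap -oG -` scan into `unexpected_ports` with the allowlist for that interface. Keep one allowlist per interface: the inside interface legitimately exposes more than the outside one.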
This brings us to our second point -- remote access. Remote management ports should never be reachable from the internet, where they will be brute-forced. Lock down every remote access protocol: restrict SSH to trusted management addresses, and remove Telnet and plain HTTP management entirely, since both send credentials in cleartext. If a web interface is required at all, allow HTTPS only.
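The configuration review mentioned earlier and the remote-access lockdown above can be checked together with a short script over the router's saved configuration. This is an added example and not the article's or any vendor's tool; the checks use Cisco IOS syntax, and both configurations below are constructed for the example rather than taken from real devices.

```shell
#!/bin/sh
# Added example, not from the original article or any vendor's tooling: a
# minimal configuration review that checks a router's saved config for the
# remote-access problems described above. Cisco IOS syntax is assumed; both
# configs below are constructed for this example, not real devices.

# audit_config < running-config
# Prints one finding per failed check (tagged TELNET/HTTP/SSHV2/NOACL/SNMP) and
# returns 1 if anything was found, 0 for a clean config.
audit_config() {
    cfg=$(cat)
    n=0
    # Telnet (or "transport input all") accepted on a vty line: cleartext logins.
    if printf '%s\n' "$cfg" | grep -Eq '^ *transport input .*(telnet|all)'; then
        echo "TELNET: a vty line accepts Telnet; use 'transport input ssh'"; n=$((n + 1))
    fi
    # Plain-HTTP management enabled ('ip http server' rather than 'no ip http server').
    if printf '%s\n' "$cfg" | grep -Eq '^ip http server'; then
        echo "HTTP: plain HTTP management enabled; set 'no ip http server'"; n=$((n + 1))
    fi
    # SSH not pinned to protocol version 2.
    if ! printf '%s\n' "$cfg" | grep -Eq '^ip ssh version 2'; then
        echo "SSHV2: 'ip ssh version 2' not set"; n=$((n + 1))
    fi
    # A vty block with no inbound access-class is reachable from every source.
    missing=$(printf '%s\n' "$cfg" | awk '
        /^line vty/  { if (inblk && !acl) print blk; blk = $0; inblk = 1; acl = 0; next }
        /^(line |!)/ { if (inblk && !acl) print blk; inblk = 0 }
        inblk && /^ *access-class [0-9A-Za-z_-]+ in/ { acl = 1 }
        END          { if (inblk && !acl) print blk }')
    if [ -n "$missing" ]; then
        echo "NOACL: no inbound access-class on: $(printf '%s' "$missing" | tr '\n' ',')"; n=$((n + 1))
    fi
    # Default SNMP community strings.
    if printf '%s\n' "$cfg" | grep -Eq '^snmp-server community (public|private)( |$)'; then
        echo "SNMP: default community string (public/private) configured"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed weak config: Telnet and plain HTTP management, vty lines open to
# any source, default SNMP community.
BAD_CONFIG=$(cat <<'EOF'
version 15.2
hostname edge-rtr
!
ip http server
snmp-server community public RO
!
line vty 0 4
 login local
 transport input telnet ssh
!
line vty 5 15
 login local
 transport input all
!
end
EOF
)

# The same device hardened: HTTPS only, SSHv2 only, vty access limited to the
# management subnet by access-list 10, non-default SNMP community.
GOOD_CONFIG=$(cat <<'EOF'
version 15.2
hostname edge-rtr
!
no ip http server
ip http secure-server
ip ssh version 2
access-list 10 permit 10.0.0.0 0.0.0.255
snmp-server community Xk9vQ2pL RO
!
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
!
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
!
end
EOF
)

echo "== weak config =="
printf '%s\n' "$BAD_CONFIG" | audit_config || echo "(review failed)"
echo "== hardened config =="
printf '%s\n' "$GOOD_CONFIG" | audit_config && echo "(no findings)"
```

The script reads a config on standard input, so a saved `show running-config` can be piped in directly. The checks are deliberately simple pattern matches; a commercial configuration scanner does the same kind of thing against a much larger rule set.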
The third point to review for network device security regards patching and upgrades. It should go without saying, but many security flaws are remediated only by the latest software release. Running out-of-date code on a router or firewall leaves it exposed to every publicly known vulnerability in that version, so each new patch or upgrade should be evaluated when it's released. Subscribing to vendor security notifications is the easiest way to learn about new router flaws and the releases that fix them.
Lastly, pulling the logs off the routers to a central syslog server or SIEM lets you spot malicious behavior as it happens. For example, if you set up an alert every time a configuration is changed, any unauthorized change will be flagged along with the legitimate ones, and each alert can be matched against a change ticket. You can also set thresholds on failed logins to detect when a system is being brute-forced or attacked in another way.
These are simple things that can be done to improve network device security beyond changing the default passwords on routers. If possible, invest in vulnerability and network configuration scanners that will further bolster the security of these devices.
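The two alerts described above, as an added example that is not part of the original article: one check lists every configuration change with the user and source address, the other counts failed logins per source and reports those at or above a threshold. The log lines are constructed in Cisco IOS syslog style for this example and are not real logs.

```shell
#!/bin/sh
# Added example, not from the original article: two checks run over router
# syslog lines, one that reports every configuration change (who, from where)
# and one that flags source addresses exceeding a failed-login threshold. The
# lines below are constructed in Cisco IOS syslog style; they are not real logs.

# config_changes < syslog
# Prints the "Configured from ... by <user> on <line> (<source>)" part of every
# %SYS-5-CONFIG_I message; each one should correspond to a change ticket.
config_changes() {
    awk -F'%SYS-5-CONFIG_I: ' 'NF > 1 { print $2 }'
}

# failed_login_sources <threshold> < syslog
# Counts %SEC_LOGIN-4-LOGIN_FAILED messages per [Source: ...] address and prints
# "count address" for every address at or above the threshold, highest first.
failed_login_sources() {
    awk -v th="$1" '
        /LOGIN_FAILED/ && match($0, /\[Source: [^]]+\]/) {
            src = substr($0, RSTART + 9, RLENGTH - 10)   # strip "[Source: " and "]"
            n[src]++
        }
        END { for (s in n) if (n[s] >= th) print n[s], s }' | sort -rn
}

# Constructed sample (not real logs): five failures from one external address
# within seconds, then a config change from that same address late at night;
# one innocent typo from an admin on the management subnet.
LOGS='Jan 14 03:12:01 edge-rtr 101: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]
Jan 14 03:12:03 edge-rtr 102: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]
Jan 14 03:12:05 edge-rtr 103: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]
Jan 14 03:12:08 edge-rtr 104: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]
Jan 14 03:12:09 edge-rtr 105: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]
Jan 14 08:30:44 edge-rtr 106: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: jsmith] [Source: 10.0.0.25] [localport: 22] [Reason: Login Authentication Failed]
Jan 14 08:30:59 edge-rtr 107: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jsmith] [Source: 10.0.0.25] [localport: 22]
Jan 14 08:35:10 edge-rtr 108: %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (10.0.0.25)
Jan 14 23:58:51 edge-rtr 109: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (198.51.100.7)'

echo "== configuration changes =="
printf '%s\n' "$LOGS" | config_changes
echo "== sources with 5 or more failed logins =="
printf '%s\n' "$LOGS" | failed_login_sources 5
```

On the sample, the threshold check reports only 198.51.100.7 (the admin's single typo from 10.0.0.25 stays below it), and the change listing shows that the same external address later changed the configuration, which is the kind of correlation the two alerts are meant to surface. In production the same logic belongs in the SIEM's correlation rules, fed by the syslog the routers already forward.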
Ask the Expert:
Want to ask Matt Pascucci a question about security? Submit your question now via email. (All questions are anonymous.)