This excerpt is from Chapter 3, Securing Cisco Routers from CCSP Secur Exam 2 written by Raman Sud and Ken Edelman, and published by Que. Download the entire chapter for free here.
Assessing the Risk
The most important thing you need to understand is the risks involved in setting up networks via insecure installations. Insecure installation of network devices such as routers and switches would be classified as installs that can be attacked physically or via a configuration weakness.
Let us give you an example: Keeping your network devices under lock and key would prevent meditated physical attacks on the devices. It all depends on the type of environment you work in. Risk can be classified as low or high. High risk is associated with mission-critical devices, and these devices, in most cases, are your backbone routers and distribution layer switches.
Various Physical Threats and Mitigation
Hardware threats -- All threats that are associated with physical damage to the routers and switches are classified as hardware threats. You can mitigate hardware threats by providing controlled access to the facilities. You limit access to only network-related personnel into the main distribution facility (MDF), intermediate distribution facility (IDF), and network operations center (NOC). You can provide security by ensuring that there is no access to the facility via the ceiling, raised floors, AC ducts, or windows. You can also mitigate hardware threats by using security cameras and by logging entry attempts.
Environmental threats -- Threats associated with climatic conditions are environmental threats. To mitigate environmental threats, you need to ensure that there is adequate ventilation in the facility and that the temperature and humidity levels are maintained in accordance with the specifications defined in the equipment documentation. Once these parameters are in place, ensure that you have the ability to remotely manage and monitor temperature and humidity controls. Also make sure that the facility is free from electrostatic discharge (ESD) and magnetic interference.
Electrical threats -- Brown-outs, spikes, inadequate power supply, noise and power loss are typical examples of electrical threats. We highly recommend that your mission-critical devices are hooked up to an uninterruptible power supply (UPS). A UPS provides line conditioning and protects your network devices against irregularities in your power distribution system. Ensure that you have redundant power supplies in your network devices (if they support them) or some hot spares at the facility. This measure reduces the amount of downtime on your network. A generator can be an alternate source for power in case of a power outage if your environment is mission critical.
Maintenance threats -- Poor cabling, faulty labeling and electronic devices without adequate ESD deterrents are classified as maintenance threats. Make sure that the equipment cabling is labeled properly and that a proper labeling convention is followed. This measure helps in tracing cables in the facility and aids in quick troubleshooting as well. Ensure that cables have smooth bends when you go around the corner. You want no kinks on the cable, so you can guarantee the smooth flow of data.
Physical threats have four parts:
Download the rest of this chapter for free here.
Dig Deeper on Network device security: Appliances, firewalls and switches