Since the router is the key to accessing any organization’s network from the outside world, the highest security priority should be given to routers that are connected to the Internet and to important application servers. ISO-27001 has already defined a standard computer security checklist, which any organization can use to improve its router security. This post aims to take you through some critical router security checklist items so that you can have an in-depth and clear understanding of router security standards.
To secure your router, first check whether there is any router security policy in place; if not, help your organization or department devise its own router security policy. The following are the important security checklist items that every auditor needs to examine while auditing router security.
- Whether any unused router interfaces are disabled or enabled. Any unused router ports need to be disabled. If they are not disabled, you can easily shut down an unused interface with the “shutdown” command.
- Check whether DNS lookups for the router are turned on or off. This service remains enabled in most routers by default, and in most cases it is not required. You can easily disable it with the “no ip domain-lookup” command.
- Both TCP and UDP small server services need to be disabled. To disable this service, use the command “no service udp-small-servers” in the case of Cisco routers.
- Check that the “enable secret” command is in place to MD5-hash any password used to enable the router.
- The enable secret password should be unique for each router and should not match any other user name or password in the network.
- The MOTD login banner should be enabled.
- Make sure “exec-timeout” and “password” are defined on the lines in the router configuration file.
- If vty lines are used for telnet access to your router, make sure vty is accessible from a certain range of IPs only (this can be implemented using an access list).
- Find out how often router passwords and user names are changed; the typical interval is once every 3-6 months, depending on the role of the router.
- Identify router password complexity. Minimum 8 characters, and it should be alphanumeric with special characters and numbers.
- Check whether Telnet is used instead of SSH. SSH is the preferred protocol over Telnet, since it encrypts all the data passing through an SSH session.
- Well-documented procedures for creating users must be in place.
- Whether the router is enabled for tracking login and logout information. If not, use: Router(config)#aaa accounting exec default start-stop group tacacs+
- Check SNMP configuration settings: SNMP needs to be permitted only for a certain class of IP addresses, and the default community strings (public, private) must be changed when the router comes online for the first time in the network.
- How frequently the SNMP community string is modified.
- Make sure there is an access list in place to ensure that only administrators are able to receive the syslog and only their systems have access to the log hosting server.
- Make sure TFTP is disabled, if not in use.
- Whether there are any documented procedures to back up router data.
- Is there any redundant router, either hot or cold standby?
- Documentation of a router recovery plan must be in place.
- What is the action plan if any malicious activity is noticed?
- Router CPU/memory utilization report monitoring.
- Whether your network engineers are aware of the latest LAN security threats and vulnerabilities.
All the above mentioned controls are in compliance with ISO-27001 security requirements to secure a router. For details about router security, you may visit the ISO website.
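
An added example (not part of the original post): a small Python auditor that checks a saved Cisco IOS-style running-config against several of the checklist items above. The sample configuration, the finding strings, and the rule that an interface with “no ip address” counts as unused are assumptions made for this illustration.

```python
import re

# Constructed sample running-config (not from a real device), gaps left in on purpose.
SAMPLE = """\
service tcp-small-servers
no ip domain-lookup
snmp-server community public RO
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 no ip address
line con 0
 exec-timeout 5 0
 password 7 CONSTRUCTED
line vty 0 4
 transport input telnet ssh
"""

RULES = [  # (regex, must_be_present, finding) for top-level commands on the checklist
    (r"no ip domain[- ]lookup", True, "DNS lookup not disabled"),
    (r"service (tcp|udp)-small-servers", False, "small servers enabled"),
    (r"enable secret ", True, "enable secret missing"),
    (r"banner motd", True, "MOTD banner missing"),
    (r"snmp-server community (public|private)\b", False, "default SNMP community"),
    (r"aaa accounting exec ", True, "exec accounting missing"),
]

def sections(cfg, prefix):
    """Map each top-level header starting with prefix to its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.startswith(" "):
            cur = out.setdefault(line, []) if line.startswith(prefix) else None
        elif cur is not None:
            cur.append(line.strip())
    return out

def audit(cfg):
    top = [ln for ln in cfg.splitlines() if not ln.startswith(" ")]
    f = [msg for pat, want, msg in RULES if any(re.match(pat, ln) for ln in top) != want]
    for name, sub in sections(cfg, "interface ").items():
        if "no ip address" in sub and "shutdown" not in sub:  # assumption: no IP = unused
            f.append(f"{name}: unused but not shut down")
    for name, sub in sections(cfg, "line ").items():
        needed = ["exec-timeout", "password"] + (["access-class"] if name.startswith("line vty") else [])
        f += [f"{name}: no {kw}" for kw in needed if not any(s.startswith(kw) for s in sub)]
        if any(re.match(r"transport input .*telnet", s) for s in sub):
            f.append(f"{name}: telnet allowed")
    return f
```

Calling `audit(SAMPLE)` returns one finding string per failed item; an empty list means every automated check passed, while the procedural items (password rotation, backups, recovery plan) still need manual review.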