
Securing Routers and Switches

Like every financial firm, we get our share of audits. Most audits are scheduled, but once in a while you get a surprise visit – someone knocks on your door and says:
“Hello, we’re here for an audit”.

Part of my job is making sure my network is ready for D-day. If the auditors ask about network security I should have all the answers and preferably have a working implementation to prove my story.

So the day came and I was asked about my network security, with routers and switches at the heart of the audit. As a proud CCNP I had good answers and could easily prove my case to the required extent. In this post I want to go over some basic steps that make a difference not just on audit day but every day.

Physical Security – That is, physical access to the router (which results in console cable access). While most companies secure their communication rooms/closets, there is one item many fail to secure: access switches. Many networks have an access switch per department or floor, and the switch ends up on a randomly available shelf, on top of a PC or under a desk. This is a huge hole, as anyone can reach the switch and plug into any of its ports.

Access Lock down – If you failed to secure access to the switch or if for any reason you are forced to do so, there are a few steps you can take to block intruders:

Security Monitoring – Build a second layer of security using some easy-to-configure tools. Enable logging and make sure the time is set to either local time or UTC so you have accurate data. If a syslog server is available, use it to keep track of all your logs (and avoid the misfortune of losing them when the router loses power).

Use Access Lists – ACLs are a powerful tool that can help you manage access by port, source or destination address. Build different access lists for different connections and block any unnecessary traffic. Make sure you apply each access list to the proper interface (and in the correct direction). Check this video on using ACL to harden IOS security.

One more reference: Cisco’s guide to harden Cisco IOS devices.
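The logging and access-list points above can be checked before an audit. This is an added example, not code from the original post: a small Python check over a saved running-config, where the sample config, the ACL names and the `audit_config` helper are all constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
service timestamps log datetime msec localtime show-timezone
logging host 192.0.2.10
ip access-list extended MGMT-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 deny ip any any log
ip access-list extended UNUSED-ACL
 deny ip any any
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
interface GigabitEthernet0/2
 ip access-group GUEST-OUT out
"""

def audit_config(text):
    """Return sorted findings for the logging and ACL checks."""
    findings = []
    # "datetime" stamps logs with the clock (UTC, or local with "localtime").
    if not re.search(r"^service timestamps log datetime", text, re.M):
        findings.append("log timestamps not set to datetime")
    if not re.search(r"^logging (host )?\d+\.\d+\.\d+\.\d+", text, re.M):
        findings.append("no syslog server configured")
    # ACLs defined: named ("ip access-list <type> NAME") or numbered.
    defined = set(re.findall(r"^ip access-list \w+ (\S+)", text, re.M))
    defined |= set(re.findall(r"^access-list (\d+) ", text, re.M))
    # Walk interface blocks and record each ACL binding and its direction.
    applied, iface = set(), None
    for line in text.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
        elif line and not line.startswith(" "):
            iface = None  # a new top-level command ends the interface block
        m = re.match(r" ip access-group (\S+) (in|out)$", line)
        if m and iface:
            applied.add(m.group(1))
            if m.group(1) not in defined:
                findings.append(f"{iface}: {m.group(1)} ({m.group(2)}) is not defined")
    for name in sorted(defined - applied):
        findings.append(f"ACL {name} is defined but not applied to an interface")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

The check only looks at `ip access-group` bindings on interfaces, so an ACL used elsewhere (for example on the VTY lines) will still be reported as not applied to an interface.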

  1. May 11, 2010 at 5:30 am

    Nice quick list of things to remember to get you up and running securely as well 🙂
