Networking

Keep your router configurations secure

The security you add when managing routers can make the difference between a functional, responsive network and an isolated intranet that provides services to no one. Take these steps to maintain router security.

When it comes to an enterprise's network, routers are at the top of the food chain. Clients request information, servers provide information, and switches connect clients and servers together. But routers run the network.

Managing your routers starts with how you configure them. If you don't have a baseline document that details your routers' configurations, you need to create one.

If you need some help, check out the National Security Agency's guidelines. These guides are comprehensive and provide an excellent starting point.

Establishing and documenting a router's configuration brings you to the first crucial step in securely managing that configuration: loading and storing the initial baseline configuration in a secure manner.

Ideally, you should perform the initial configuration from the console and store it on a network drive. Most important, do not store it on the local drive of a laptop! Portable computing devices (e.g., laptops, PDAs, and memory sticks) have a way of getting lost or stolen, which can compromise the integrity and functionality of your entire network.

After you've loaded the configuration, your next step is to synchronize the running configuration with the startup configuration. But don't think you're finished once the router is up and running on the network -- you need to maintain that configuration and make changes periodically.

Some administrators like to make changes online, while others prefer making changes offline and then uploading the configuration. Both have their benefits.

When making online changes, you can get immediate feedback as well as syntax checking. For example, the router will alert you if you misspell a command. In addition, if you make a change that causes problems with your network, you'll generally know right away.

On the other hand, if you make offline changes, you have the opportunity to add comments and use router configuration editors. However, this method provides no syntax checking or feedback on changes.

If you decide to use the offline approach, make sure you use a secure method of configuration delivery. Trivial File Transfer Protocol (TFTP) is not a recommended method for delivery as it provides no security for connection or delivery of your configuration. File Transfer Protocol (FTP) -- as long as you configure a username and password -- or Secure Copy Protocol (SCP) are the most secure methods of delivering a new configuration.

Regardless of how you manage the updates of your router configurations, it's essential that you save each configuration change and document all modifications. This enables you and others to better understand the changes and review them if something goes awry.
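The save-and-document step described above, as an added example that is not from the original article: it diffs a saved configuration against the baseline, stores the new copy with owner-only permissions, and appends a change-log entry. The function names, the device name, the change-log format and the IOS-style sample configurations are all assumptions made for illustration.

```python
import difflib
import hashlib
import os
import time
from pathlib import Path

# Constructed sample configurations (IOS-style syntax assumed for illustration).
BASELINE = """hostname edge-rtr-01
service password-encryption
no ip http server
line vty 0 4
 transport input ssh
"""
CURRENT = """hostname edge-rtr-01
service password-encryption
ip http server
line vty 0 4
 transport input ssh telnet
"""

def diff_config(baseline: str, current: str) -> list[str]:
    """Return only the added (+) and removed (-) lines relative to the baseline."""
    lines = list(difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                      "baseline", "current", lineterm="", n=0))
    return [l for l in lines[2:] if not l.startswith("@@")]  # drop file/hunk headers

def archive_change(archive_dir: Path, device: str, config: str,
                   author: str, reason: str) -> Path:
    """Save the config readable by its owner only and log who changed it, and why."""
    archive_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    digest = hashlib.sha256(config.encode()).hexdigest()
    path = archive_dir / f"{device}-{digest[:12]}.cfg"
    # Create the file as 0600 from the start so it is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(config)
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    with open(archive_dir / "CHANGELOG.txt", "a") as log:
        log.write(f"{stamp} {device} {author} sha256={digest} {reason}\n")
    return path

if __name__ == "__main__":
    import tempfile
    changes = diff_config(BASELINE, CURRENT)
    print("\n".join(changes) or "no drift from baseline")
    with tempfile.TemporaryDirectory() as tmp:  # stand-in for the secured network share
        saved = archive_change(Path(tmp) / "router-configs", "edge-rtr-01", CURRENT,
                               "jdoe", f"{len(changes)} line(s) differ from baseline")
        print("archived:", saved.name)
```

In the sample, the diff surfaces two changes worth reviewing before they are accepted: the HTTP server has been switched on and Telnet has been added to the vty lines.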

Final thoughts

Data has a way of walking out the front door and ending up in the wrong hands. To prevent such an event, never store router configurations on portable media. Instead, keep your configurations safely behind a folder secured with the proper permissions on a network drive.

13 comments
quad3040

You write that "data HAS a way of walking out the front door . . ." How pathetic that a so-called professional writer uses such poor grammar. The word "data" is plural and requires the plural form of whatever verb: "data HAVE a way of walking out the front door . . ." Take note: it's one "datum" but two or more "data". But who really cares? Only the rarest "professional" uses proper grammar anymore, in or out of the computer industry.

quad3040

You write that "data HAS a way of walking out the front door . . ." How pathetic that a so-called professional writer uses such poor grammar. The word "data" is plural and requires the plural form of whatever verb: "data HAVE a way of walking out the front door . . ." Take note: it's one "datum" but two or more "data". But what the hell, you have lots of company. Only the rarest "professional" uses proper grammar anymore, in or out of the computer industry.

trebuntou

Thanks for the nice information.

JohnBoyNC

I'm a "glass is half full" kinda guy. You recommend to "never store router configurations on portable media. Instead keep your configurations safely behind a folder secured with the proper permissions on a network drive." And when the router providing your network connectivity is down, how do you propose accessing that folder? We keep configs on CD, one local copy in a combo-locked safe and a second copy stored with the offsite backup media in another locked safe.

rkuhn040172

Dude, you need to have sex more often.

raynebc

The American Heritage Dictionary claims that 60% of their usage panel accepts "data" as a singular noun.

Mond0

The Merriam-Webster dictionary defines it this way: Data leads a life of its own quite independent of datum, of which it was originally the plural. It occurs in two constructions: as a plural noun (like earnings), taking a plural verb and plural modifiers (as these, many, a few) but not cardinal numbers, and serving as a referent for plural pronouns (as they, them); and as an abstract mass noun (like information), taking a singular verb and singular modifiers (as this, much, little), and being referred to by a singular pronoun (it). Both constructions are standard. The plural construction is more common in print, evidently because the house style of several publishers mandates it.

NOW LEFT TR

when the server / folder is on the local LAN subnet.

Ed.Ridland

My Grammar has nothing to do with this, she's 80 years old and can't program her VCR. Seriously, I Think comments should focus on the content rather than any other aspect of the article. Ed http://www.edginet.com

Absolutely

I thought orchard17 was a bit rude, but he's not wrong. Try again.

Absolutely

I Think comments should include conTenT, spleeling, puncTuaT!on & grammar but never capiTalizaTion. :D