For any enterprise LAN, the router is a security lynchpin. Without a properly configured router, a network is vulnerable to both intrusion and internal leaks. In this step-by-step guide, posted here courtesy of SearchNetworking.com,
value-added resellers (VARs) and networking consultants will learn some helpful tips for securing their customers' networks at the router level.
For most enterprise LANs, the router has become one of the most critical security appliances in use. Generally, most networks have one primary access point, which is referred to as a "border router," that is often paired with a dedicated firewall.
Configured properly, it can keep all but the most determined bad guys out, and if you want, it can even keep the good guys in. But an improperly configured router is only marginally better than having no security in place at all.
In the following tip, we'll explore nine easy steps that you can take to ensure that you have a brick wall protecting your network and not an open door.
Fortifying router security
Step 1: Change the default password!
Step 2: Disable IP directed broadcasts
Step 3: Disable HTTP configuration for the router, if possible
Step 4: Block ICMP ping requests
Step 5: Disable IP source routing
Step 6: Determine your packet filtering needs
Step 7: Establish Ingress and Egress address filtering policies
Step 8: Maintain physical security of the router
Step 9: Take the time to review the security logs
About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.
This tip originally appeared on SearchNetworking.com.
This was first published in February 2007