Home
Topics
Networking Channel
Computer Network Installation and Administration Projects
Establish Ingress and Egress address filtering policies

Establish Ingress and Egress address filtering policies

Establish policies on your border router to filter security violations both outbound (egress) and inbound (ingress) based on IP address. Except for unique and unusual cases, all IP addresses that are attempting to access the Internet from inside of your network should bear an address that is assigned to your LAN. For instance, 192.168.0.1 may have a legitimate need to access the Internet through the router, but 216.239.55.99 is most likely to be spoofed, and part of an attack.

Inversely, traffic from the outside of the Internet should not claim a source address that is part of your internal network. For that reason, inbound addresses of 192.168.X.X, 172.16.X.X and 10.X.X.X should be blocked.

And lastly, all traffic with either a source or a destination address that is reserved or unroutable should not be permitted to pass thorough the router. This can include the loopback address of 127.0.0.1 or the class E address block of 240.0.0.0-254.255.255.255.

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Fortifying router security

Introduction
Step 1: Change the default password!
Step 2: Disable IP directed broadcasts
Step 3: Disable HTTP configuration for the router, if possible
Step 4: Block ICMP ping requests
Step 5: Disable IP source routing
Step 6: Determine your packet filtering needs
Step 7: Establish Ingress and Egress address filtering policies
Step 8: Maintain physical security of the router
Step 9: Take the time to review the security logs

About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.

This tip originally appeared on SearchNetworking.com.

More News and Tutorials

Articles

This was first published in January 2007

More from Related TechTarget Sites

Microscope
Cloud Provider
Security
Networking
Storage
Cloud computing
Server Virtualization
Data Backup

MicroscopeUK
- Credit card fraud on the rise again
  
  Credit card fraud has become the criminals favored method of stealing money
- Canon launches recycled printer hardware
  
  Cannibalising old printer hardware set to save resellers time and money, says Canon
- Solera buy heralds new directions for Blue Coat
  
  Web security specialist Blue Coat claims its acquisition of big data intelligence and analytics firm Solera will help partners better address the evolving security market and tackle APTs
Cloud Provider
- What are the different phases of an IPv6 implementation?
  
  In an IPv6 implementation, it's important to spend time with each of the five phase of the process, IPv6 expert Chip Popoviciu says.
- MSPAlliance cloud insurance offers liability coverage for providers
  
  The MSPAlliance introduces new cloud insurance program, offering extended liability coverage for providers and peace of mind for customers.
- SDN's missing links: Five barriers blocking SDN adoption by providers
  
  As more providers move to deploy SDN, adoption is being hindered by crucial gaps in device standards and tools for network control.
Security
- Using network flow analysis to improve network security visibility
  
  To overcome network security issues from advanced attackers and BYOD, security professionals are turning to network flow analysis to gain improved network security visibility.
- Sourcefire updates malware detection, malware analysis capabilities
  
  New features for detecting and analyzing malware in Sourcefire's FireAMP and FirePOWER products supplement flagging signature-based antimalware.
- Goals for how to become a CISO if you're a security technologist
  
  Security technologists aspiring to become CISOs must develop a variety of business skills, as Joe Granneman explains in this Ask the Expert Q&A.
Networking
- WAN optimizer form factor differences don't dictate superiority
  
  The WAN optimization Magic Quadrant reveals different WAN optimizer form factors are helping to better match evolving enterprise requirements.
- Using big data analysis to harness your network operations
  
  Big data is all the craze, but analyzing big data intelligently can help network administrators pinpoint potential problems.
- Troubleshooting network problems with good governance and design
  
  Packet loss, oversubscription, unpatched and inconsistent switch software still plague enterprise networks. Find out how engineers are fighting back.
searchStorage
- Permabit Technology extends primary data deduplication software
  
  Permabit tries to make its primary deduplication software more palatable to OEMs by adding compression and replication plug-ins.
- HP cloud storage service features open source OpenStack object store
  
  HP cloud storage service uses open source OpenStack object store to attract developers, ISVs and enterprises in competition against Amazon S3.
- Can storage hypervisors bring high availability to the cloud?
  
  Learn how the advanced functionality of a storage hypervisor provides a cloud infrastructure with high availability.
Cloud computing
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
- VMware charges into public cloud IaaS fray as Dell exits
  
  Dell will discontinue its OpenStack and VMware vCloud-based public cloud offerings as VMware delivers its vCloud IaaS.
- Cloud migration obstacles remain for heavily regulated industries
  
  Financial, government and healthcare industries must overcome data security breaches and regulatory issues for a successful cloud migration.
Server Virtualization
- Strike a common-sense balance when deciding what to automate
  
  Consider the many factors that determine the potential return on investment when deciding when and what to automate.
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
- Columbia Sportswear's move from virtualization to private cloud computing
  
  Columbia Sportswear parlayed server virtualization into a private cloud. Along the way, it found that its management tools needed serious rethinking.
searchDataBackup
- The pros and cons of integrated backup appliances
  
  Find out whether integrated backup appliances with backup software, server and storage offer any benefits beyond ease of installation.
- Quantum vmPRO adds LTFS tape support, DXi V-Series gains capacity
  
  Quantum upgrades its vmPRO virtual machine backup appliance, supporting 24 TB of pre-deduped data and LTFS tape in a virtual appliance.
- Veeam Software adds WAN acceleration, tape support for VM backup
  
  Veeam upgrades its virtual machine backup software, building WAN acceleration and native tape support into Backup & Recovery v7.

All Rights Reserved,Copyright 2006 - 2013, TechTarget