Reviewing your router's logs (via its built-in firewall functions) is often the most effective way to identify security incidents, both in-progress attacks and indicators of upcoming attacks. Using outbound logs, you can also identify Trojans and spyware programs that are attempting to establish an outbound connection. Attentive security administrators were able to identify the Code Red and Nimda attacks before antivirus publishers were able to react.
Also, generally, the router is on the perimeter of your network, and allows you to get an overall picture of the inbound and outbound activity of your network.
Fortifying router security
Step 1: Change the default password!
Step 2: Disable IP directed broadcasts
Step 3: Disable HTTP configuration for the router, if possible
Step 4: Block ICMP ping requests
Step 5: Disable IP source routing
Step 6: Determine your packet filtering needs
Step 7: Establish Ingress and Egress address filtering policies
Step 8: Maintain physical security of the router
Step 9: Take the time to review the security logs
About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.
This tip originally appeared on SearchNetworking.com.
This was first published in January 2007