Router Security Configuration Guide

By the System and Network Attack Center - NSA
Published by: api-3726247 on Oct 15, 2008
Copyright:Attribution Non-commercial

UNCLASSIFIED
Report Number: C4-054R-00
Router Security
Configuration Guide
Principles and guidance for secure configuration of IP routers,
with detailed instructions for Cisco Systems routers

Router Security Guidance Activity
of the
System and Network Attack Center (SNAC)

Authors:
Vanessa Antoine
Patricia Bosmajian
Daniel Duesterhaus
Michael Dransfield
Brian Eppinger
James Houser
Andrew Kim
Phyllis Lee
David Opitz
Michael Wiacek
Mark Wilson
Neal Ziring

Updated: November 21, 2001
Version: 1.0j

National Security Agency
9800 Savage Rd. Suite 6704
Ft. Meade, MD 20755-6704

W2KGuides@nsa.gov
Warnings

This document is only a guide to recommended security settings for Internet Protocol
(IP) routers, particularly routers running Cisco Systems Internet Operating System
(IOS) versions 11 and 12. It is not meant to replace well-designed policy or sound
judgment. This guide does not address site-specific configuration issues. Care must
be taken when implementing the security steps specified in this guide. Ensure that
all security steps and procedures chosen from this guide are thoroughly tested and
reviewed prior to imposing them on an operational network.

This document is current as of September, 2001.
Acknowledgements

The authors would like to acknowledge Daniel Duesterhaus, author of the original
NSA “Cisco Router Security Configuration Guide,” and the management and staff of
the Applications and Architectures division for their patience and assistance with the
development of this guide. Special thanks also go to Ray Bongiorni for his quality
assurance and editorial work. Additional contributors to the development effort
include Andrew Dorsett, Jennifer Dorrin, Charles Hall, Scott McKay, and Jeffrey
Thomas.

Trademark Information

Cisco, IOS, and CiscoSecure are registered trademarks of Cisco Systems, Inc. in the
U.S.A. and other countries. Windows 2000 is a registered trademark of Microsoft
Corporation in the U.S.A. and other countries. All other names are trademarks or
registered trademarks of their respective companies.

Revision History

1.0    Sep 2000    First complete draft, extensive internal review.
1.0b   Oct 2000    Revised after review by Ray Bongiorni
1.0d   Dec 2000    Revised after additional testing, submitted for classification and pre-publication review.
1.0e   Jan 2001    Polished format, cover page, fixed up grammar, etc. First release version.
1.0f   Mar 2001    Second release version: fixed typos and errors, added references, passed second pre-pub review
1.0g   Apr 2001    Third release version: incorporated external feedback, fixed typos.
1.0h   Aug 2001    Fourth release version: incorporated more external feedback, added SSH section, fixed more typos, updated some links. Another QA review.
1.0j   Nov 2001    Fifth release version; more external feedback, added some tools and polished some procedures.
Contents
Preface

1. Introduction
    1.1. The Roles of Routers in Modern Networks
    1.2. Motivations for Providing Router Security Guidance
    1.3. Typographic and Diagrammatic Conventions Used in this Guide
    1.4. Structural Overview

2. Background and Review
    2.1. Review of TCP/IP Networking
    2.2. TCP/IP and the OSI Model
    2.3. Review of IP Routing and IP Architectures
    2.4. Basic Router Functional Architecture
    2.5. Review of Router-Relevant Protocols and Layers
    2.6. Quick “Review” of Attacks on Routers
    2.7. References

3. Router Security Principles and Goals
    3.1. Protecting the Router Itself
    3.2. Protecting the Network with the Router
    3.3. Managing the Router
    3.4. Security Policy for Routers
    3.5. References

4. Implementing Security on Cisco Routers
    4.1. Router Access Security
    4.2. Router Network Service Security
    4.3. Access Lists and Filtering
    4.4. Routing and Routing Protocols
    4.5. Audit and Management
    4.6. Security for Router Network Access Services
    4.7. Collected References

5. Advanced Security Services
    5.1. Role of the Router in Inter-Network Security
    5.2. IP Network Security
    5.3. Using a Cisco Router as a Firewall
    5.4. Using SSH for Remote Administration Security
    5.5. References

6. Testing and Security Validation
    6.1. Principles for Router Security Testing
    6.2. Testing Tools
    6.3. Testing and Security Analysis Techniques
