S 2.280 Criteria for the procurement and selection of suitable routers and switches
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
Active network components differ in terms of their range of functions, security mechanisms offered, ease of use, and efficiency. If errors are made during procurement, this may have severe consequences for the secure operation of a network, because the level of security aimed at may only be attained with some difficulty when inappropriate devices are used.
Therefore, before routers and switches are procured, a requirements list must be drawn up that can be used to evaluate the products available on the market. Based on the evaluation, it is then possible to make a well-founded purchase decision that ensures the product to be procured will meet the requirements during actual operation.
From an information security point of view, central requirements for active network components include that they allow administration using secure protocols and that the device's user administration allows the organisation-wide role concept to be implemented. The requirement that passwords must only be stored on the device in encrypted form should go without saying, but there are still devices for which passwords must be stored in the configuration files in clear text. New procurements should exclude any devices that do not offer a secure administration option and do not allow encrypted storage of passwords.
Even purely functional features of active network components may affect information security. This mostly refers to the basic value of availability, for example if a device does not achieve the required throughput rates due to insufficient memory capacity. Furthermore, the support provided by the manufacturer plays a role that must not be underestimated, for example when it comes to promptly providing patches for security gaps.
The following contains a list of some basic requirements for the procurement of routers and switches. Below, some specific requirements will additionally be described, separated according to routers and switches.
General criteria for routers and switches
- Basic functional requirements
  - Does the device support all protocols and cabling types needed?
- Security
  - Does the system support secure protocols for administration purposes?
    If routers and switches are not administered using a separate administration network, it must be possible to configure these devices using secure network protocols (SSH2, for example).
  - Does the system support the encrypted storage of passwords?
    Devices storing their passwords in unencrypted form should not be purchased any more.
- Maintainability
  - Does the manufacturer offer regular updates and quickly available security patches?
    It is particularly important that the manufacturer reacts quickly to security gaps once they become public.
  - Is it possible to sign maintenance contracts for the product?
    It is often the case that manufacturers only provide access to updates and support services in connection with a valid maintenance contract.
  - Can maximum response times for eliminating problems be specified within the framework of the maintenance contracts?
    A maintenance contract is only suitable if the guaranteed response and recovery times meet the specified availability requirements of the devices.
  - Does the manufacturer offer technical customer service (hotline) able to provide help immediately in the event of problems?
    This point should be part of the maintenance contract signed. Before signing the contract, check in which languages support is provided on the manufacturer's hotline.
- Reliability/failure safety
  - How reliable and fail-proof is the product?
    The manufacturer should be able to provide empirical values regarding reliability, such as Mean Time Between Failures (MTBF) and Mean Time To Repair (MTTR).
  - Does the manufacturer offer high-availability solutions?
    If the availability requirements cannot be covered by concluding maintenance contracts, the system must support high-availability solutions.
- User-friendliness
  - Is the product easy to install, configure, and use?
    Furthermore, training measures should be offered for the product.
- Cost
  - How high is the initial purchase cost of each device?
  - How high is the expected running cost (i.e. for maintenance, operation, and support)?
    This cost should already be taken into consideration during the procurement phase. The content of the maintenance and support contracts should be verified (response times, hotline, qualification of the personnel, etc.).
  - How high is the expected running cost for the personnel?
  - Do additional software or hardware components have to be procured (e.g. RADIUS servers, network management system)?
    This question should already be addressed during the planning phase. For example, if a network management system is already used, the compatibility with the devices to be procured should be checked. Moreover, the time and expense required for integrating the devices into an existing infrastructure should be taken into consideration.
  - How high is the cost for training the administrators?
- Functionality
  - Is it possible to securely integrate the system into the existing network management architecture?
    The time and expense required for installation should be taken into consideration. The manufacturer should provide MIB tables and information on the supported NMS protocols.
  - Does the system support NTP?
    NTP is particularly important in terms of the logging function, see also S 4.227 Use of a local NTP server for time synchronisation.
  - Does the system support the integration of authentication servers (e.g. RADIUS or TACACS+)?
    If an authentication server is already used, the system should be able to use this server.
- Logging
  - Which logging options are available?
    The logging options offered must meet the requirements specified in the security policy at a minimum. The following aspects are of particular relevance:
    - Can the level of detail of the logging function be configured?
    - Does the logging function record all relevant data?
  - Does the system support centralised logging (e.g. syslog)?
    Routers and switches should support centralised logging in order to be able to guarantee targeted evaluation of the log files.
  - Can logging be executed in such a way that the data protection laws are adhered to?
  - Are alerting functions supported?
    Attacks on routers and switches should be reported in a centralised and prompt manner using the alerting functions of the devices. For example, this can be done on the basis of a network management system.
- Infrastructure
  - Dimensions and compatibility with protective cabinets
    The space requirements of routers and switches must also be taken into consideration during the procurement phase. Is it possible to install the device in the designated protective cabinets (form factor, weight, attachment elements)?
  - Power supply and waste heat
    The manufacturer should provide information on the power consumption and the requirements regarding the ambient temperature. Are the existing power supply and UPS capacities sufficient? Is the available cooling power sufficient for dissipating the device's waste heat?
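The security, functionality and logging criteria above can be verified against a candidate device's exported configuration during product evaluation. The following checker is an added example (not part of the safeguard or of any vendor's tooling); it assumes Cisco IOS-style configuration syntax and uses constructed sample configurations.

```python
import re

# Constructed sample: running-configuration export of a candidate device in
# Cisco IOS-style syntax (assumed for illustration; the safeguard names no
# vendor). It deliberately fails several of the criteria above.
SAMPLE_CONFIG = """\
enable password Summer2024
username admin password 0 Summer2024
line vty 0 4
 transport input telnet ssh
ip ssh version 1
logging host 192.0.2.10
"""

# Constructed counterpart that meets the criteria (hash values are placeholders).
HARDENED_CONFIG = """\
enable secret 9 $9$placeholder.hash
username admin secret 9 $9$placeholder.hash
line vty 0 4
 transport input ssh
ip ssh version 2
logging host 192.0.2.10
ntp server 192.0.2.20
"""

# (criterion, pattern that must appear on some line, pattern that must not appear)
CHECKS = [
    ("secure administration protocol (SSH2, no telnet)",
     r"^ip ssh version 2$", r"^\s*transport input .*\btelnet\b"),
    ("encrypted password storage",
     r"^(enable secret|username \S+ secret)\b",
     r"^(enable password|username \S+ password 0)\b"),
    ("centralised logging (syslog)", r"^logging host \S+", None),
    ("time synchronisation (NTP)", r"^ntp server \S+", None),
]

def evaluate_config(config: str) -> dict:
    """Map each procurement criterion to True (met) or False (not met)."""
    lines = config.splitlines()
    results = {}
    for name, required, forbidden in CHECKS:
        met = any(re.search(required, ln) for ln in lines)
        violated = forbidden is not None and any(re.search(forbidden, ln) for ln in lines)
        results[name] = met and not violated
    return results

def failed_criteria(config: str) -> list:
    """Sorted list of criteria the device does not meet; empty means it passes."""
    return sorted(name for name, ok in evaluate_config(config).items() if not ok)
```

The same checks can be run against exports from several candidate devices to fill in the "Security", "Functionality" and "Logging" rows of the requirements list.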
Specific criteria for switches
- Performance and scalability
  - Can the system meet the performance requirements?
    The manufacturer should provide information on the data throughput; the maximum throughput of the switch backplane in particular should be taken into consideration. Additional potential influencing factors regarding the performance include the size of the address cache and of the memory.
  - What is the number of available ports?
    An access switch should have a sufficient number of ports for connecting terminal devices. Often, the purchasing cost of different switches can be compared based on the cost per port.
  - Is the system "stackable" or can it be extended modularly (by means of additional slide-in cards, for example)?
    Additionally required functions or the need for a higher density of ports should not result in the devices having to be replaced prematurely.
- Functionality
  - Does the switch support layer 3 switching (routing)?
    In local networks, this function may be advantageous in terms of performance (data throughput).
  - Does the switch support VLANs?
    When using VLANs, the manufacturer should provide information on the standard applied.
  - Does the switch support cut-through and/or store-and-forward switching?
Specific criteria for routers
- Performance and scalability
  - Can the system meet the performance requirements?
    The manufacturer should provide information on the data throughput. If the router is to be used as a VPN end point, the supported encryption procedures and the performance when encrypting and decrypting the data also constitute important performance criteria.
  - Can the device be extended modularly?
    The number of interfaces available in the standard scope, and particularly the maximum number of supported interfaces, should be taken into consideration.
- Functionality
  - Does the router support VPN functionality?
    A router with VPN functionality should support the IPsec standard and strong encryption algorithms (3DES, AES).
  - Does the router support the use of ACLs?
    The filter functions of the routers to be procured must be taken into consideration (see also S 5.111 Configuration of access control lists on routers).
  - Which routing protocols are supported?
    The router should support secure routing protocols (see also S 5.112 Security aspects of routing protocols).
Review questions:
- Has a requirements list been drawn up in order to evaluate the products available on the market before procuring routers and switches?
- Do new procurements exclude any devices that do not offer any secure administration option and do not allow encrypted storage of passwords?
- Have the requirements for new switches and routers been documented in writing?