S 3.38 Administrator training on routers and switches

Initiation responsibility: IT Security Officer, Top Management

Implementation responsibility: Head of IT, IT Security Officer

In order to securely operate routers and switches, it is important that all work is performed by personnel that are able to optimally use all functions and security features offered. Therefore, it is absolutely necessary to provide the administrators with corresponding training.

The training courses should impart sufficient knowledge of the procedures, tools, and technologies necessary to configure and operate routers and switches. This is also applicable to manufacturer-specific aspects of the selected product. This safeguard describes requirements for training courses enabling administrators to install and operate routers and switches in a typical environment.

The training courses should convey the basic principles, concepts, and command knowledge regarding configuration, operation, maintenance, and troubleshooting. A training course should contain a well-balanced combination of theory and practical applications.

Even when the tasks are distributed among a group of administrators in such a way that each administrator only has a certain area of responsibility, it is essential that all administrators possess general knowledge of all tasks. Knowledge of the different main focuses can then be build up and maintained based on this general knowledge. For many products, the manufacturer or specialised providers offer a wide range of individual, in-depth seminars and sequences of seminars. The number of qualified training courses is also a criterion that should be taken into account when deciding which of the manufacturers will be used.

When purchasing IT components, a budget must be planned for the training courses and a training plan for administrators must be created. The contents of a training course must contain the following items:

• Basic principles
  • ISO/OSI layer model
  • network topographies/topologies and transmission technologies
  • cabling
  • active network components
  • basic principles of IP and the protocols based on it (IP addressing, subnetting, IP, ICMP, TCP, UDP)
  • overview of manufacturers and products
• Switching
  • functional description of a switch
  • "cut through" and "store and forward"
  • transparent bridging function (IEEE 802.1d)
  • spanning tree algorithm (IEEE 802.1d)
  • VLAN (VLAN types, tagging, IEEE 802.1q)
• Routing
  • functional description of a router
  • static and dynamic routing
  • dynamic routing protocols (RIPv1, RIPv2, OSPFv2, BGPv4, IGRP, EIGRP)
• WAN connection
  • basic principles of WAN technologies and protocols
  • types of switching (fixed, dial-up connection)
  • virtual private networks (VPNs)
  • wide-area connections (xDSL, ISDN)
  • WAN protocols (PPP, Frame Relay)
• Configuration
  • installation and cabling
  • setup and configuration of routers and switches (focus: operating system)
• Operation
  • management of the devices, tools
  • integration into network management systems (NMSs)
  • logging (syslog)
  • securing and administration of configuration files
• Troubleshooting
  • sources of error and their causes
  • measurement and analysis tools
  • test strategies for troubleshooting
  • requirements for secure network installations
• Information security
  • basic principles of information security, as well as security aspects relevant for routers and switches
  • authentication, authorisation
  • encryption procedures and applications
  • attack scenarios (denial-of-service attacks, ARP spoofing, IP spoofing)
  • "default settings" as a source of risk
  • prevention measures, reactions, and analysis
  • incident handling

Review questions:

• Are regular training courses performed for the responsible administrators?
• Do the training courses impart the basic principles, concepts, and command knowledge regarding configuration, operation, maintenance, security, and troubleshooting?
• Do the training courses take into account the manufacturer-specific aspects for the selected products?
• Do all administrators dispose of a general basic knowledge in the field of routers and switches?
• Are there training plans for the administrators?