S 4.82 Secure configuration of active network components
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
Just as the security of server systems and end devices is often neglected, so in many cases is the actual network infrastructure with its active network components. Central active network components in particular, though, need to be configured with care. While the incorrect configuration of a server system only affects the users of the services on that system, the incorrect configuration of a router can lead to the failure of large subnetworks or even of the entire network, or can allow data to be compromised unnoticed.
The secure configuration of the active network components should be specified as well in the framework of the network concept (see S 2.141 Development of a network concept). The following in particular must be taken into account:
- For routers and Layer 3 switches, it is necessary to select which protocols will be forwarded and which will be blocked. This can be accomplished by implementing suitable filter rules.
- It must be specified which IT systems will communicate in which direction over the router. This can also be implemented using filter rules.
- It should be specified which IT systems have access to the ports of the switches and hubs of the local network, if this is supported by the active network components. For this purpose, the MAC address of the IT system requesting access can be read and checked against the list of authorised addresses.
For active network components with routing functionality, it is also necessary to protect the routing updates suitably. The routing tables need to be updated in order to enable dynamic adaptation to the current situation in the local network. Two different security mechanisms can be used in this case:
- Passwords
The use of passwords protects a router configured for password protection from accepting routing updates from routers that do not have the corresponding password. This allows the routers to be protected against accepting incorrect or invalid routing updates. The advantage of passwords over other protection mechanisms is their low overhead, because only a little bandwidth and processor capacity is needed in this case.
- Cryptographic checksums
Checksums provide protection against concealed changes to valid routing updates during transmission over the network. When used in combination with a sequence number or a unique identifier, a checksum can also provide protection against the reinstallation of old routing updates.
The selection of a suitable routing protocol is a prerequisite for adequate protection of the routing updates. RIP-2 (Routing Information Protocol Version 2, RFC 1723) and OSPF (Open Shortest Path First, RFC 1583) support passwords in their basic specification, and can also be extended to make use of cryptographic checksums.
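The following is an added illustration of the two mechanisms described above, not code from this safeguard or from any routing protocol implementation: a receiving router that checks either a shared password or a keyed checksum combined with a sequence number. The message layout, the names and the use of HMAC-SHA256 are assumptions for the example, not the RIP-2 or OSPF wire format.

```python
import hashlib
import hmac
from dataclasses import dataclass
# Constructed model, not the RIP-2/OSPF wire format: message layout,
# field names and the use of HMAC-SHA256 are assumptions for this example.
@dataclass(frozen=True)
class Update:
    router_id: str
    seq: int        # increases with every update a router sends
    routes: tuple   # (prefix, metric) pairs
    auth: bytes     # shared password or keyed checksum

def checksum(u: Update, key: bytes) -> bytes:
    # Covers everything that could be altered in transit: sender, sequence number, routes
    msg = f"{u.router_id}|{u.seq}|{sorted(u.routes)}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Router:
    def __init__(self, mode: str, secret: bytes):
        self.mode, self.secret = mode, secret
        self.last_seq = {}  # highest sequence number accepted per neighbour
        self.table = {}     # prefix -> metric

    def accept(self, u: Update) -> bool:
        if self.mode == "password":
            # Proves only that the sender knew the password; content is unchecked
            ok = hmac.compare_digest(u.auth, self.secret)
        else:
            ok = hmac.compare_digest(u.auth, checksum(u, self.secret))
            # Sequence number: anything not newer than the last accepted update is a replay
            ok = ok and u.seq > self.last_seq.get(u.router_id, -1)
        if ok:
            self.last_seq[u.router_id] = u.seq
            self.table.update(dict(u.routes))
        return ok

def demo() -> dict:
    """Which constructed updates each mode accepts (True) or rejects (False)."""
    key = b"example-shared-secret"
    pw, cs = Router("password", key), Router("checksum", key)
    good = Update("R1", 1, (("10.1.0.0/16", 2),), key)
    signed = Update("R1", 1, good.routes, checksum(good, key))
    # Modified in transit: metric changed, authentication field left untouched
    pw_mod = Update("R1", 1, (("10.1.0.0/16", 99),), key)
    cs_mod = Update("R1", 1, (("10.1.0.0/16", 99),), signed.auth)
    return {
        "password_genuine": pw.accept(good),
        "password_wrong": pw.accept(Update("R1", 2, good.routes, b"guess")),
        "password_modified": pw.accept(pw_mod),  # accepted: no integrity check
        "checksum_genuine": cs.accept(signed),
        "checksum_modified": cs.accept(cs_mod),
        "checksum_replay": cs.accept(signed),    # same sequence number again
    }
```

The result of `demo()` shows the point of the text: the password alone keeps out routers that do not know it but does not detect a modified update, whereas the keyed checksum with a sequence number rejects both the modified and the replayed update.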
Review questions:
- Is the secure configuration of active network components specified in the framework of the network concept?
- Are the admissible protocols and traffic flows for routers and Layer 3 switches implemented by means of adequate filter rules?
- Do the active network components support port security as a security function that restricts access to network component ports to the authorised MAC addresses of the IT systems?
- Do the protection mechanisms of the routing protocols used (e.g. within the framework of a routing update) conform to the current state of the art?