Security design considerations/issues for routers and switches
07-01-2011, 04:11 PM
Motivation for providing Router Security
Router security considerations
Router Security Policy
Switch security considerations
A router is a device that extracts the destination address from an incoming packet and sends the packet to its destination along the optimal path. Directing data between portions of a network is the purpose of a router.
Routers operate at the Network layer of the OSI model. They pass traffic between two different IP networks, which may be either LANs or WANs.
Switches listen to the traffic on each Ethernet port and discover which port each attached device is connected to. The switch then sends traffic directly to the destination port.
By using a switch we can ensure that most of the network traffic goes only where it needs to rather than to every port, which increases network performance.
Possible Attacks on Routers
Session Replay Attack
Motivation for providing Router security
Compromise of a router can lead to various security problems on the network served by that router, or even other networks with which that router communicates.
Compromise of a router’s route tables can result in reduced performance, denial of network communication services, and exposure of sensitive data.
Compromise of a router’s access control can result in exposure of network configuration details or denial of service, and can facilitate attacks against other network components.
A poor router filtering configuration can reduce the overall security of an entire enclave, expose internal network components to scans and attacks, and make it easier for attackers to avoid detection.
Proper use of router cryptographic security features can help protect sensitive data, ensure data integrity, and facilitate secure cooperation between independent enclaves.
Router Security Policy
The innermost layer is the physical security of the router.
The next innermost layer is the stored software and configuration state of the router.
The next outermost layer has the dynamic configuration (routing tables).
The outer zone of the diagram represents the intra-network and inter-network traffic that the router manages.
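
The switch behaviour described earlier (learning which port each device is attached to, then sending traffic only to the destination port) can be shown with a small simulation. This is an added example, not part of the original slides; the class name, port numbers and MAC addresses are constructed for illustration.

```python
# Added illustration of a learning switch; not code from the original slides.
# Ports and MAC addresses are constructed sample values (documentation range).

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the sorted list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learn (or refresh) the port the sender is attached to.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood all other ports.
            return sorted(self.ports - {in_port})
        if out_port == in_port:
            # Destination sits on the port the frame arrived on: do not forward.
            return []
        return [out_port]


def run_demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    frames = [
        (1, a, b),          # b unknown yet -> flooded
        (2, b, a),          # a already learned -> port 1 only
        (1, a, b),          # b now learned -> port 2 only
        (3, c, BROADCAST),  # broadcast -> every port except 3
        (3, c, a),          # a known -> port 1 only
    ]
    return [sw.receive(*f) for f in frames], dict(sw.mac_table)


if __name__ == "__main__":
    results, table = run_demo()
    for out in results:
        print(out)
    print(table)
```

Only the first frame to an unlearned address and the broadcast reach every port; once the table is populated, hosts on other ports no longer see traffic that is not addressed to them.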