In the last few years, routers have increasingly become targets of malicious hackers attempting to launch distributed denial-of-service ( DDoS) and other attacks across the Internet. Having control of a router, especially one with high-speed links, provides an even greater opportunity for mischief than just controlling PCs. A hacker in control of your router can reconfigure the system and take over your entire autonomous system (AS). Hackers are often able to log in to and take over routers simply because of negligence on the part of a router administrator who doesn’t implement basic security precautions, such as setting a password for the root account, or who uses a password that can easily be discovered, such as juniper, cisco, root, or admin. Given the increasing number of malicious attacks occurring on the Internet, it is vital for you to secure your router.

This chapter talks about how to configure router access, including setting up login accounts, and other basic security measures you should take to control access to the router and to protect your router from undesired access.

There is nothing complicated about what you need to do to protect your router. Basic router security consists of three components. Two of these—limiting physical access to your router and configuring the JUNOS software to minimize the vulnerability of your router—are under your control. Properly configuring the router to be as secure as ...