Chapter 9. Adding Security
On the Internet, routers are the primary devices responsible for distributing traffic, whether that traffic is e-mail messages, documents, videos, or unwanted spam. Traffic transmission rates were initially limited by the speed of the network routers. However, in the past ten years, Juniper has introduced routers with interfaces that run at line speed (that is, at the maximum speed supported by the link connecting to the router interface). Over this decade, interface speeds have increased dramatically, with faster versions of both SONET/SDH and Ethernet interfaces.
These advances mean that you can now move traffic, both wanted and unwanted, very quickly across the Internet. A hacker who can take control of an unsecured or improperly secured router can wreak havoc on your network and can use the router as a launching pad for denial-of-service and other types of attacks. And all of it can happen faster than you can make a sandwich and eat it.
Fortunately, in this chapter, we cover several security features and practices you can take advantage of.
Stop! Physical Security
A basic way to secure your router is to limit physical access to it. This precaution prevents someone from accidentally or deliberately turning off the router or removing or replacing cables and power cords connected to the router.
Also, anyone who has physical access to a router can connect to the router's console port. If someone manages to log in as the root user, he can take control of the router, ...