4.6. Limit Access to Routers

Protecting routers from being corrupted by remote attacks is important, but a more basic control overlooked by many network administrators is restricting who can access their routers. Many networks have fewer than five routers in place. In smaller networks, a full-blown authentication system, like TACACS or RADIUS (covered in Chapter 6), is probably overblown. However, even in smaller networks, access to the router should be limited, both by securing it against unauthorized external access and by restricting which personnel within your organization have access.

An attacker who gains access to the network and is able to sniff, or guess, the router password can easily take the network offline, and may be able to ...
