5.1.5 Identify securing network devices.
Patches and Updates- Router operating system is patched with up-to-date software.
Protocols- Unused protocols and ports are blocked.
Ingress and egress filtering is implemented.
ICMP traffic is screened from the internal network.
TTL expired messages with values of 1 or 0 are blocked (route tracing is disabled).
Directed broadcast traffic is not forwarded.
Large ping packets are screened.
Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router.
Unused management interfaces on the router are disabled.
A strong administration password policy is enforced.
Static routing is used.
Web-facing administration is disabled.
Services- Unused services are disabled (for example bootps and Finger).
Auditing and logging- Logging is enabled for all denied traffic.
Logs are centrally stored and secured.
Auditing against the logs for unusual patterns is in place.
Intrusion detection- IDS is in place to identify and notify of an active attack.
Patches and updates- Latest security patches are tested and installed or the threat from known vulnerabilities is mitigated.
VLANs- Make sure VLANs are not overused or overly trusted.
All factory passwords are changed.
Minimal administrative interfaces are available.
Access controls are configured to secure SNMP community strings.
Services- Unused services are disabled.
Encryption- Switched traffic is encrypted.
Log synchronization- All clocks on devices with logging capabilities are synchronized.
Administrative access to the network- TACACS or RADIUS is used to authenticate administrative users.
Network ACLs- The network is structured so ACLs can be placed on hosts and networks.
Patches and updates- Firewall software and OS are patched with the latest security updates.
Filters- Packet filtering policy blocks all but required traffic in both directions.
Application-specific filters are in place to restrict unnecessary traffic.
Logging and auditing- All permitted traffic is logged.
Denied traffic is logged.
Logs are cycled with a frequency that allows quick data analysis.
All devices on the network are synchronized to a common time source.
Perimeter networks- Perimeter network is in place if multiple networks require access to servers.
Firewall is placed between untrusted networks.
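Several of the router items above (unused services such as bootp and finger, web-facing administration, SNMP community strings behind an ACL, directed broadcasts, central logging, clock synchronization) map to single lines of an IOS-style configuration, so they can be checked mechanically. The following audit script is an added example, not part of the original checklist; it assumes the input is the text of `show running-config`, that required hardening lines appear explicitly, and uses a constructed sample config with documentation address ranges.

```python
"""Audit an IOS-style router configuration against the checklist above.

Assumption: REQUIRED lines must appear explicitly in the exported config;
FORBIDDEN lines fail the check whenever they are present. All patterns are
anchored to whole lines (re.MULTILINE).
"""
import re

# Global lines that must appear somewhere in the config.
REQUIRED = {
    "Unused services disabled (finger)": r"^no service finger$",
    "Unused services disabled (bootp)": r"^no ip bootp server$",
    "Denied traffic logged to central host": r"^logging host \S+$",
    "Clock synchronized to common time source": r"^ntp server \S+$",
}

# Global lines that must not appear.
FORBIDDEN = {
    "Web-facing administration disabled": r"^ip http server$",
    # A community string with no trailing ACL number/name is unprotected.
    "SNMP community string restricted by ACL": r"^snmp-server community \S+( R[OW])?$",
}

# Interface-level lines that must not appear in any interface block.
FORBIDDEN_PER_INTERFACE = {
    "Directed broadcast not forwarded": r"^\s*ip directed-broadcast$",
}

def audit_config(config: str) -> list[str]:
    """Return the checklist items the configuration fails, in check order."""
    failures = [item for item, pat in REQUIRED.items()
                if not re.search(pat, config, re.MULTILINE)]
    failures += [item for item, pat in FORBIDDEN.items()
                 if re.search(pat, config, re.MULTILINE)]
    # An interface block is 'interface <name>' followed by its indented lines.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t].*\n?)*)",
                                 config, re.MULTILINE):
        failures += [f"{item} ({name})" for item, pat in FORBIDDEN_PER_INTERFACE.items()
                     if re.search(pat, body, re.MULTILINE)]
    return failures

# Constructed sample config (documentation address ranges, not a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr1
no service finger
no ip bootp server
ip http server
logging host 192.0.2.10
snmp-server community public RO
snmp-server community s3cr3t RO 10
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip directed-broadcast
"""

if __name__ == "__main__":
    for failure in audit_config(SAMPLE_CONFIG):
        print("FAIL:", failure)
```

Running it against the sample reports the missing NTP server, the enabled HTTP server, the unprotected `public` community string, and the directed broadcast on GigabitEthernet0/1.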