Router Security
Policy
1.0 Overview
2.0 Purpose
This document describes a required minimal security configuration
for all routers and switches connecting to a production network or used in a
production capacity at AMAC.
3.0 Scope
All routers and switches connected to AMAC production networks are
affected.
4.0 Policy
Every router must meet the following configuration standards:
1. No local user
accounts are configured on the router.
2. The enable
password on the router must be kept in a secure encrypted form. The router must
have the enable password set to the current production router password from the
router's support organization.
3. Disallow the
following:
a.
IP directed broadcasts
b.
Incoming packets at the router sourced with invalid addresses such
as RFC1918 address
c.
TCP small services
d.
UDP small services
e.
All source routing
f.
All web services running on router
4. Use corporate
standardized SNMP community strings.
5. Access rules are
to be added as business needs arise.
6. The router must
be included in the corporate enterprise management system with a designated
point of contact.
7. Each router must
have the following statement posted in clear view:
"UNAUTHORIZED ACCESS TO THIS NETWORK
DEVICE IS PROHIBITED. You must have explicit permission to access or configure
this device. All activities performed on this device may be logged, and
violations of this policy may result in disciplinary action, and may be
reported to law enforcement. There is no right to privacy on this device."
8.
Telnet may never be used across any network to manage a router,
unless there is a secure tunnel protecting the entire communication path. SSH
is the preferred management protocol.
5.0 Enforcement
5.1 Policy Roles
and Responsibilities
Enforcement of this policy is the responsibility of the AMAC
Director, AMAC Compliance Manager, and AMAC Information Technology Manager.
5.2 Consequences
and Sanctions for Non-Compliance
Any employee found to have violated this policy may be subject to
disciplinary action, up to and including termination of employment.
6.0 Review and
Management
6.1 Review
Changes to this policy will be approved by the AMAC Director, AMAC
Compliance Manager, and AMAC Information Technology Manager.
7.0 Procedures
and Standards
Refer to UGA Minimum Standards for Networked Devices Policy at http://www.infosec.uga.edu/policies/index.php.
8.0 References
8.1 Definitions
|
Terms |
Definitions |
|
Production Network |
The network used in the daily business of AMAC. |
9.0 Revision History
|
Version |
Author |
Date |
|
1.0 |
Todd
Runkle |
07-16-2007 |