Router Security – Expert Tips

SANS is one of the most trusted sources for computer security training.  The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization and provides training courses, newsletters, and resources for auditors, network administrators, and employees in the area of business network security.

Here are some tips on network security from SANS regarding policies and practices designed to keep your network safe and secure:

Every router must meet the following configuration standards:
1. No local user accounts are configured on the router. Routers must use TACACS+ for all user authentication.


2. The enable password on the router must be kept in a secure encrypted form. The router must have the enable password set to the current production router password from the router’s support organization.


3. Disallow the following:
a. IP directed broadcasts
b. Incoming packets at the router sourced with invalid addresses, such as RFC 1918 addresses
c. TCP small services
d. UDP small services
e. All source routing
f. All web services running on router


4. Use corporate standardized SNMP community strings.


5. Access rules are to be added as business needs arise.


6. The router must be included in the corporate enterprise management system with a designated point of contact.


7. Each router must have the following statement posted in clear view:
“UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access or configure this device. All activities performed on this device may be logged, and violations of this policy may result in disciplinary action, and may be reported to law enforcement. There is no right to privacy on this device.”


8. Telnet may never be used across any network to manage a router, unless there is a secure tunnel protecting the entire communication path. SSH is the preferred management protocol.

By purchasing or leasing a new or used Cisco ASA 5500 AIP Security Services Module-20, you can enhance your network’s security. A router loaded with security features, coupled with best practices from an organization like SANS, is ideal for keeping data, software, and hardware free from viruses, Trojan horses, botnets, and other high security risks.
