| One security measure that is often overlooked on | | | | hijacking of a complete network or to completely |
| networks is routing security. Even on closed networks, | | | | shutdown the network with a denial of service attack. |
| routing security is important and many times IT | | | | With proper routing security you can help control this |
| professionals overlook securing their routing protocols. | | | | problem on the network. For one, most current |
| Most of the time they feel that because the routing | | | | generation routing protocols allow for authentication to |
| protocols can't be compromised from outside the | | | | take place. For example, with EIGRP you can create |
| network, then they disregard the fact that they can be | | | | an authentication key and use that key to authenticate |
| just as easily compromised from inside the network if | | | | routers on the network. When a router receives |
| not easier. Routing security can be just as important in | | | | routes with the proper authentication key, only then will |
| your security policy as anything else. | | | | it allow the routes to update the routing table. If the |
| Many large networks with multiple internal subnets use | | | | router receives routes that do not have the right |
| routing protocols across the infrastructure to automate | | | | authentication key, it just ignores them. |
| route path discovery. These routers rely on sending | | | | It is also important to note that if you are using a |
| their routing tables and route information to each other | | | | routing protocol on your network, ensure that you are |
| to allow for proper network convergence. Setting up | | | | using a current generation protocol and not an |
| route protocols on the network passes this information | | | | obsolete protocol like RIP. Most of the newer protocols |
| across the network to allow other routers to receive | | | | like EIGRP will only send routing table information when |
| the information. Some protocols broadcast this traffic | | | | routes on the network change. This helps alleviate the |
| across the network for anyone to hear. By default, | | | | issue of sending route information across the network |
| routers configured with routing protocols such as RIP, | | | | for anyone to grab with a sniffer. Another method to |
| OSPF, or EIGRP will automatically update their routing | | | | help prevent that is to create a distribution list so that |
| tables regardless of where the routing updates have | | | | the routes only get sent to specific routers in a unicast |
| come from. This means that anyone who knows what | | | | fashion. |
| they are doing can easily forge route update packets | | | | Routing security, while often overlooked, should be an |
| and send them across the network to place their own | | | | important part of your network security policy. A little |
| routes into routers on the corporate infrastructure. | | | | common sense and some basic knowledge on routing |
| This is why routing security is important. Imagine | | | | protocols can really help you secure your route |
| allowing an attacker to update the routes on your | | | | infrastructure to prevent attacks from inside the |
| network to pass all traffic destined for one IP address | | | | network from occurring. |
| to another network completely. This allows for easy | | | | |