Feb 22, 2012

Network Security Mitigating Common Threats


Improper and incomplete network device installation is an often-overlooked security threat that, if left unaddressed, can have terrible results. Software-based security measures alone cannot prevent intentional or even accidental network damage caused by poor installation. This article describes how to mitigate common security threats to servers, routers, and switches.

Physical Installations

Physical installations involve four types of threats: hardware, electrical, environmental, and maintenance.

Hardware threats

Hardware threats involve physical damage to network components, such as servers, routers, and switches. Mission-critical Cisco network equipment should be located in wiring closets or in computer or telecommunications rooms that meet these minimum requirements:

  • The room must be locked with only authorized personnel allowed access.
  • The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.
  • If possible, use electronic access control with all entry attempts logged by security systems and monitored by security personnel.
  • If possible, security personnel should monitor activity via security cameras with automatic recording.

Electrical threats

Electrical threats include irregular fluctuations in voltage, such as brownouts and voltage spikes. Threats such as voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss can be limited by adhering to these guidelines:
  • Install uninterruptible power supply (UPS) systems for mission-critical Cisco network devices.
  • Install backup generator systems for mission-critical supplies.
  • Plan for and initiate regular UPS or generator testing and maintenance procedures based on the manufacturer-suggested preventative maintenance schedule.
  • Install redundant power supplies on critical devices.
  • Monitor and alarm power-related parameters at the power supply and device levels.

Environmental threats

Environmental threats include very low or high temperatures, moisture, and electrostatic and magnetic interference. Threats such as temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry) also require mitigation. Take these actions to limit environmental damage to Cisco network devices:
  • Supply the room with dependable temperature and humidity control systems. Always verify the recommended environmental parameters of the Cisco network equipment with the supplied product documentation.
  • Remove any sources of electrostatic and magnetic interference in the room.
  • If possible, remotely monitor and alarm the environmental parameters of the room.

Maintenance threats

Maintenance threats include not having backup parts or components for critical network components and not labeling components and their cabling correctly. They also include poor handling of key electronic components, electrostatic discharge (ESD), lack of critical spares, poor cabling, poor labeling, and so on. Maintenance-related threats are a broad category that includes many items. Follow the general rules listed here to prevent maintenance-related threats:
  • Clearly label all equipment cabling and secure the cabling to equipment racks to prevent accidental damage, disconnection, or incorrect termination.
  • Use cable runs, raceways, or both to traverse rack-to-ceiling or rack-to-rack connections.
  • Always follow ESD procedures when replacing or working with internal router and switch device components.
  • Maintain a stock of critical spares for emergency use.
  • Do not leave a console connected to and logged into any console port. Always log off administrative interfaces when leaving a station.
  • Do not rely upon a locked room as the only necessary protection for a device. Always remember that no room is ever totally secure. After intruders are inside a secure room, nothing is left to stop them from connecting a terminal to the console port of a Cisco router or switch.
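
The last two rules can be checked from a saved device configuration. The following is an added example, not part of the original article or any Cisco tool: a small Python audit that flags `line` stanzas where the idle timeout is disabled or no login is required. The function names, the 10-minute threshold, and the sample configuration are assumptions made for illustration, and the check assumes the device does not use `aaa new-model`.

```python
import re

# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE_CONFIG = """\
hostname lab-rtr
!
line con 0
 exec-timeout 0 0
 no login
line vty 0 4
 exec-timeout 10 0
 login local
!
"""

def parse_line_stanzas(config):
    """Map each 'line ...' header to the list of commands indented under it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other unindented line closes the stanza
    return stanzas

def audit_line(commands, max_idle_seconds=600):
    """Return findings for one line stanza (assumes no 'aaa new-model')."""
    findings = []
    idle = 600  # IOS default idle timeout is 10 minutes when none is set
    for cmd in commands:
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
        if m:
            idle = int(m.group(1)) * 60 + int(m.group(2) or 0)
        elif cmd == "no exec-timeout":
            idle = 0  # same effect as 'exec-timeout 0 0': never time out
    if idle == 0:
        findings.append("idle timeout disabled")
    elif idle > max_idle_seconds:
        findings.append("idle timeout too long")
    if "no login" in commands or not any(c.startswith("login") for c in commands):
        findings.append("no login required")
    return findings

def audit_config(config):
    """Return {stanza header: findings} for stanzas with at least one finding."""
    return {h: f for h, c in parse_line_stanzas(config).items() if (f := audit_line(c))}
```

Running `audit_config` over the sample flags only the console line, which is the port an intruder inside the room would reach first.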

Cisco's IOS Firewall

Cisco IOS Firewall can be used to mitigate some of the more common security threats discussed in the previous article, Type of Attack. The main features of Cisco's IOS Firewall that can be used to mitigate these threats are:

Intrusion detection

A deep packet inspection tool that lets you monitor, intercept, and respond to abuse in real time by referencing 102 of the most common attack and intrusion detection signatures.

ICMP inspection

Permits responses to ICMP packets, such as ping and traceroute, that come from inside your firewall while denying other ICMP traffic.

Authentication proxy

A feature that makes users authenticate any time they want to access the network's resources through HTTP, HTTPS, FTP, and Telnet. It keeps personal network access profiles for users, automatically retrieves them from a RADIUS or TACACS+ server, and applies them.

Per-user firewalls

These are personalized, user-specific, downloadable firewalls obtained through service providers. You can also get personalized ACLs and other settings via AAA server profile storage.

Denial of service (DoS) detection and prevention

A feature that checks packet headers and drops any packets it finds suspicious.
