Chapter 27 – Security Considerations

Introduction

This chapter describes actions to take to secure the RuggedRouter.

Security Actions

1. Change the root and rrsetup passwords from the rrsetup shell before attaching the router to the network.

2. If RADIUS authentication is used, configure the authentication servers.

3. Restrict the IP addresses from which Web management will accept connections. See the Webmin menu, IP Access Control sub-menu. Restrict the Ethernet ports on which Web management will accept connections. See the Webmin menu, Ports and Addresses sub-menu.

4. Review the IP networking settings provided in the Network Configuration menu, Core Settings sub-menu. You may wish to tighten some settings, especially Ignore All ICMP ECHO requests.

5. Restrict the users that the SSH server will allow to connect. See the SSH Server menu, Access Control sub-menu.

6. If the router is an RX1100 and you wish to use the Snort Intrusion Detection System, activate and configure it.

7. If the router is an RX1100 and you wish to use the Gauntlet security appliance, activate and configure it.

8. If SNMP will be used, limit the IP addresses which can connect and change the community names. Configure SNMP to raise a trap upon authentication failures.

9. Only enable the services you need and expect to use.

10. The RuggedRouter comes with the following login banner. To change it, replace the contents of the files /etc/issue and /etc/issue.net.

WARNING: You are attempting to access a private computer system. Access to this system is restricted to authorized persons only. This system may not be used for any purpose that is unlawful or deemed inappropriate. Access and use of this system is electronically monitored and, by entering this system, you are giving your consent to be electronically monitored. We reserve the right to seek all remedies for unauthorized use, including prosecution.

11. If using a firewall, configure and start the firewall before attaching the router to the public network. Configure the firewall to accept connections from a specific domain.

12. Configure remote system logging to forward all logs to a central location.
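
A check for step 10, as an added example that is not part of the RuggedCom manual: this POSIX shell script reports whether each banner file is missing, empty, still the factory text, or customized. It assumes the factory banner begins with the first sentence quoted in step 10; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the manual): audit the login banner files of step 10.
# Assumption: the factory banner begins with the sentence below, as quoted
# in the manual. Line wrapping inside the file is tolerated.
DEFAULT_MARK='WARNING: You are attempting to access a private computer system.'

# normalize FILE: collapse every run of whitespace (newlines included) to one
# space, so a banner wrapped across lines still matches DEFAULT_MARK.
normalize() {
    tr -s '[:space:]' ' ' < "$1"
}

# banner_status FILE: print one of missing, empty, default, custom.
banner_status() {
    if [ ! -f "$1" ]; then
        echo missing
        return
    fi
    text=$(normalize "$1")
    case "$text" in
        ''|' ')            echo empty ;;    # no banner text at all
        *"$DEFAULT_MARK"*) echo default ;;  # factory text still present
        *)                 echo custom ;;   # site-specific banner installed
    esac
}

# audit_banners ISSUE ISSUE_NET: print the status of both files and return 0
# only when both carry a custom banner. Changing one file and forgetting the
# other is reported as a failure.
audit_banners() {
    rc=0
    for f in "$1" "$2"; do
        s=$(banner_status "$f")
        echo "$f: $s"
        [ "$s" = custom ] || rc=1
    done
    return $rc
}

# Runs only when two paths are given, e.g.:
#   sh banner_audit.sh /etc/issue /etc/issue.net
if [ "$#" -eq 2 ]; then
    audit_banners "$1" "$2"
    exit $?
fi
```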

RuggedCom

RuggedCom RX1100, RX1000 manual Security Considerations, Security Actions