This is the third article of a series whose purpose is to provide experienced physical security practitioners with a comfortable familiarity with key aspects of computer and network security.
Network devices in standalone security networks have not always been sufficiently protected. One way to address network security for a physical security system is to enlist the help of the IT department in designing and managing the security system’s network according to corporate network standards. In many organizations, this is a mandate for security systems that will be connected to the corporate network. A basic understanding of the work that IT does to protect network devices can help facilitate that collaboration.
This article examines security for routers, whose function is to forward network data packets on from one network to a neighboring network, or between several interconnected networks.
The previous article introduced these concepts:
• Network Devices (such as switches and routers) have the primary function of managing network traffic. This means forwarding valid traffic to the appropriate next destination in the network, or not forwarding it if the traffic does not belong (such as not sending traffic for Accounting Department computers to Engineering Department computers).
• Network Management refers to the activities, methods, procedures and tools for the operation, administration, maintenance and configuration of the network equipment.
Network devices (such as switches and routers) handle the communication between computing devices (such as servers and PCs). In this article series, we use the term “computing devices” instead of “computers” because, as explained in the first article of the series, all devices on a network are computers. They have memory, processor chips, receive and send data, and take programmed actions on the data they send and receive. Instead of calling the devices “computers,” we name them based on the roles that they perform: PC, server, router, switch, firewall, and so on.
Safeguarding information involves protective measures for all of the computing devices and network devices that process, transmit or hold the information.
Information Security and CIA
Information security is concerned with three objectives regarding information, no matter what form the information takes (physical, electronic, or human memory):
• Confidentiality: Allowing only the authorized individuals or computer systems to access the data;
• Integrity: Ensuring that information is not altered in transmission from source to destination, and that data is correct and up-to-date; and
• Availability: Making sure that information is available when needed.
These objectives are commonly referred to by their initials, “CIA,” and sometimes as the “CIA triad” or “CIA principle.” Achieving these objectives requires both physical security and IT security (also known as computer and network security). For example, failure to provide physical access control for a network closet containing network equipment may lead to problems with all three CIA objectives. Availability can be impacted by damage to or destruction of equipment. Unauthorized access to the equipment may result in data being copied or diverted, possibly resulting in a loss of confidentiality. IT security examines threats against computing and network devices, including routers, by how the threats could impact CIA.