RuggedCom RX1000 Network Router User Manual


 
Chapter 30 - Security Considerations
Introduction
This chapter describes actions to take to secure the RuggedRouter.
Security Actions
1. Change the root and rrsetup passwords from the rrsetup shell, before attaching the
router to the network.
2. If RADIUS authentication is being employed, configure authentication servers.
3. Restrict the IP addresses from which Web management will accept connections.
See the Webmin menu, IP Access Control sub-menu. Restrict the Ethernet ports
on which Web management will accept connections. See the Webmin menu,
Ports and Addresses sub-menu.
4. Review the IP networking settings provided in the Network Configuration menu,
Core Settings sub-menu. You may wish to tighten some settings, especially
Ignore All ICMP ECHO requests.
5. Restrict the users that the SSH server will allow to connect. See the SSH Server
menu, Access Control sub-menu.
6. If the router is an RX1100 and you wish to use the Snort Intrusion Detection
System, activate and configure it.
7. If the router is an RX1100 and you wish to use the Gauntlet security appliance,
activate and configure it.
8. If SNMP will be used, limit the IP addresses which can connect and change the
community names. Configure SNMP to raise a trap upon authentication failures.
9. Only enable the services you need and expect to use.
10. The RuggedRouter comes with the following login banner. Replace the contents
of the files /etc/issue and /etc/issue.net in order to change it.
WARNING: You are attempting to access a private computer system. Access to this
system is restricted to authorized persons only. This system may not be used for
any purpose that is unlawful or deemed inappropriate. Access and use of this
system is electronically monitored and, by entering this system, you are giving
your consent to be electronically monitored. We reserve the right to seek all
remedies for unauthorized use, including prosecution.
11. If using a firewall, configure and start the firewall before attaching the router to the
public network. Configure the firewall to accept connections from a specific
domain.
12. Configure remote system logging to forward all logs to a central location.
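
An added example for step 10, not taken from the RuggedCom manual: a POSIX shell check that /etc/issue and /etc/issue.net both hold the banner text you approved. The function name, the approved-banner file and the getty escape check (standard Linux getty behaviour, assumed here to apply to the router) are assumptions.

```shell
#!/bin/sh
# Added example: audit the two login banner files named in step 10.
#
# audit_banner ROOT APPROVED
#   ROOT     - filesystem root to inspect ("" for the live system, or a
#              scratch directory when testing offline)
#   APPROVED - file holding the banner text your organisation approved
# Prints one finding per line and returns 0 only when there are none.
audit_banner() {
    root=$1 approved=$2 findings=0
    for f in /etc/issue /etc/issue.net; do
        path="$root$f"
        # Console logins read /etc/issue, network logins /etc/issue.net,
        # so a missing or empty file means one access path has no banner.
        if [ ! -s "$path" ]; then
            echo "MISSING  $f is absent or empty"
            findings=$((findings + 1))
            continue
        fi
        # The file must be byte-for-byte the approved text, not the
        # shipped default or a stale copy.
        if ! cmp -s "$path" "$approved"; then
            echo "DIFFERS  $f does not match the approved banner"
            findings=$((findings + 1))
        fi
        # Assumption: a standard Linux getty expands backslash escapes in
        # the banner (\n hostname, \r kernel release, \s OS name,
        # \v OS version, \m architecture), which would show system
        # details to users who have not yet authenticated.
        if grep -q '\\[nrsvm]' "$path"; then
            echo "LEAKS    $f contains a getty escape sequence"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage on the device (the path to the approved text is a placeholder):
#   audit_banner "" /path/to/approved-banner.txt
```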