ISACA – Charlotte Chapter June 3, 2014 Mark Krawczyk, CISA, CISSP, CCNA.



• Routers and switches direct and control much of the data flowing across computer networks.

• The services they provide are critical to the proper functioning and secure operation of corporate networks.

• Properly configured secure routers and switches can greatly improve the overall security posture of a network.


• Network devices are subject to various attacks:
  • Unauthorized access – compromise device, routing tables, MAC tables.
  • Session hijacking – an attacker can insert falsified IP packets after session establishment via IP spoofing.
  • Rerouting – manipulating router updates to cause traffic to flow to unauthorized destinations (route injection).
  • Masquerading – manipulates IP packets to falsify IP addresses.
  • Denial of Service (DoS) – flooding the router with traffic or requests designed to consume all of some limited resource.
  • Eavesdropping – insecure protocols, packet sniffers.


• Routing is accomplished using the IP addresses of the source and destination hosts and intermediary network devices such as routers or multilayer switches.

• The router examines the destination network address for each packet and then checks the routing table for forwarding information.


• The routing table stores information about connected and remote networks.
  • Connected networks are directly attached to one of the router interfaces.
  • Remote networks are not directly connected to the router. Routes to these networks can be manually configured on the router or learned automatically using dynamic routing protocols.


• Static Routing - Routes to remote networks are manually configured on the router. A default route can be statically configured.

• Dynamic Routing - As routers become aware of changes to the networks, this information is passed on to other routers. When a router receives information about new or changed routes, it updates its own routing table and, in turn, passes the information to other routers.
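
The routing-table lookup described in the slides, and why the rerouting risk listed earlier matters for dynamically learned routes, as an added example that is not part of the original presentation. It goes one step beyond the slides by using longest-prefix match, the rule IP routers use to pick among overlapping routes, and by comparing a table against an approved baseline; all prefixes, next hops and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: str   # "connected" or the next-hop address
    source: str     # "connected", "static" or "dynamic"

def route(prefix, next_hop, source):
    return Route(ipaddress.ip_network(prefix), next_hop, source)

# Constructed, approved routing table (hypothetical addresses).
BASELINE = [
    route("10.1.1.0/24", "connected", "connected"),
    route("10.2.0.0/16", "10.1.1.2", "static"),
    route("10.3.0.0/16", "10.1.1.3", "dynamic"),
    route("0.0.0.0/0", "10.1.1.254", "static"),  # statically configured default
]
# Same table after an unapproved, more specific dynamic update was accepted.
CURRENT = BASELINE + [route("10.2.5.0/24", "10.1.1.66", "dynamic")]

def lookup(table, dst):
    """Longest-prefix match: most specific route containing dst, else None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def unexpected_routes(baseline, current):
    """Routes missing from the baseline, each paired with the approved
    non-default routes whose traffic it would take over."""
    known = {(r.prefix, r.next_hop) for r in baseline}
    findings = []
    for r in current:
        if (r.prefix, r.next_hop) in known:
            continue
        shadowed = [b for b in baseline
                    if b.prefix.prefixlen and r.prefix.subnet_of(b.prefix)]
        findings.append((r, shadowed))
    return findings

if __name__ == "__main__":
    for table, name in ((BASELINE, "baseline"), (CURRENT, "current")):
        print(name, "10.2.5.9 ->", lookup(table, "10.2.5.9").next_hop)
    for r, shadowed in unexpected_routes(BASELINE, CURRENT):
        print("unapproved", r.prefix, "via", r.next_hop,
              "overrides", [str(b.prefix) for b in shadowed])
```

Run against a periodic export of the device's routing table, a comparison of this kind flags route changes that did not come through change control.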