Security considerations, Introduction, Security actions – RuggedCom RuggedRouter RX1100 User Manual

35. Security Considerations

Revision 1.14.3

RX1000/RX1100™

35.1. Introduction

This chapter describes actions to take to secure the RuggedRouter.

35.1.1. Security Actions

1. Change the root and rrsetup passwords from the rrsetup shell, before attaching the router to the network.

2. If RADIUS authentication is being employed, configure authentication servers.

3. Restrict the IP addresses which Web management will accept connections from. See the Webmin menu, IP Access Control sub-menu. Restrict the Ethernet ports which Web management will accept connections from. See the Webmin menu, Ports and Addresses sub-menu.

4. Review the IP networking settings provided in the Network Configuration menu, Core Settings sub-menu. You may wish to tighten some settings, especially Ignore All ICMP ECHO requests.

5. Restrict the users that the SSH server will allow to connect. See the SSH Server menu, Access Control sub-menu.

6. If the router is an RX1100 and you wish to use the Snort Intrusion Detection System, activate and configure it.

7. If the router is an RX1100 and you wish to use the Gauntlet security appliance, activate and configure it.

8. If SNMP will be used, limit the IP addresses which can connect and change the community names. Configure SNMP to raise a trap upon authentication failures.

9. Only enable the services you need and expect to use.

10. The RuggedRouter comes with the following login banner. Replace the contents of the files /etc/issue and /etc/issue.net in order to change it.

WARNING: You are attempting to access a private computer system. Access to this system
is restricted to authorized persons only. This system may not be used for any purpose that is
unlawful or deemed inappropriate. Access and use of this system is electronically monitored
and, by entering this system, you are giving your consent to be electronically monitored. We
reserve the right to seek all remedies for unauthorized use, including prosecution.

11. If using a firewall, configure and start the firewall before attaching the router to the public network. Configure the firewall to accept connections from a specific domain.

12. Configure remote system logging to forward all logs to a central location.
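
A quick audit of checklist items 4, 5, 10 and 12, written here as an added example and not taken from the RuggedCom manual or firmware. It assumes a Linux-style layout: the kernel sysctl file for ignoring ICMP echo, OpenSSH AllowUsers/AllowGroups in /etc/ssh/sshd_config, and "*.* @host" forwarding in /etc/syslog.conf; only /etc/issue and /etc/issue.net are paths named by the manual, and the function names check and audit_router are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: Linux /proc sysctl path,
# OpenSSH sshd_config keywords, syslog.conf-style "@host" forwarding.

# check DESCRIPTION COMMAND...: run COMMAND, print PASS/FAIL, count failures in $fails
check() {
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "PASS  $desc"
    else
        echo "FAIL  $desc"
        fails=$((fails + 1))
    fi
}

# audit_router ROOT: inspect the filesystem tree under ROOT ("" for the live
# system) and return the number of failed checks.
audit_router() {
    root=$1; fails=0
    # Item 4: "Ignore All ICMP ECHO requests" (assumed kernel sysctl file).
    check "item 4: ICMP echo requests ignored" \
        grep -qx 1 "$root/proc/sys/net/ipv4/icmp_echo_ignore_all"
    # Item 5: SSH access limited to named users or groups; commented lines do not count.
    check "item 5: SSH logins restricted" \
        grep -Eqi '^[[:space:]]*Allow(Users|Groups)[[:space:]]+[^[:space:]]' \
        "$root/etc/ssh/sshd_config"
    # Item 10: a banner is present for both console and network logins.
    for f in issue issue.net; do
        check "item 10: banner present in /etc/$f" test -s "$root/etc/$f"
    done
    # Item 12: every facility and priority is forwarded to a remote host.
    check "item 12: all logs forwarded off-box" \
        grep -Eq '^[[:space:]]*\*\.\*[[:space:]]+@[^[:space:]]+' "$root/etc/syslog.conf"
    return "$fails"
}

# Constructed sample tree (not real device data): everything set except log forwarding.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/proc/sys/net/ipv4"
echo 1 > "$demo/proc/sys/net/ipv4/icmp_echo_ignore_all"
echo "AllowUsers netadmin" > "$demo/etc/ssh/sshd_config"
echo "Authorized use only." > "$demo/etc/issue"
echo "Authorized use only." > "$demo/etc/issue.net"
echo "*.info /var/log/messages" > "$demo/etc/syslog.conf"
audit_router "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

The remaining checklist items (passwords, RADIUS, Webmin access control, SNMP, firewall) are set through the rrsetup shell and Webmin menus and are not covered by this script.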
