Thursday, May 3, 2012

Secure Perimeter Routers & Disable Services & Logging


There are several ways to secure perimeter routers, including ingress and egress filtering. Ingress filtering refers to a technique used to verify the identity of an incoming packet (Ingress filtering, 2012).

With this technique, a packet that fails the filtering process is either ignored by the router or sent back to the sender to indicate that sending the packet failed (Ingress filtering, 2012). One recommended ingress policy is to drop a packet when its source IP address belongs to the internal network (Cox, 2007).

Egress filtering refers to the filtering of outbound information from one network to another. Doing so helps to prevent unauthorized traffic from leaving the internal network (Egress filtering, 2012). One recommended egress policy looks at the source IP address: if the source IP address is not a private address, the perimeter router should drop the packet (Cox, 2007).
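The two policies above, applied to a few packets. This is an added example, not part of the original post; it assumes the internal network uses the private prefixes listed in `INTERNAL_NETS`, so "private" is read as "inside those prefixes", and all addresses and function names are constructed for illustration.

```python
import ipaddress

# Assumed internal (private) prefixes behind the perimeter router; constructed values.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "192.168.20.0/24")]


def is_internal(src):
    """True if src lies inside one of the internal prefixes."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(direction, src):
    """Decide what the router does with a packet.

    direction: "in"  = arriving on the outside interface (ingress)
               "out" = leaving through the outside interface (egress)
    Returns (action, reason).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    try:
        internal = is_internal(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if direction == "in" and internal:
        return ("drop", "ingress: outside packet claims an internal source")
    if direction == "out" and not internal:
        return ("drop", "egress: source is not an internal address")
    return ("forward", "source address is valid for this direction")


# Constructed sample traffic: (direction, source IP).
SAMPLE = [
    ("in", "203.0.113.7"),
    ("in", "192.168.10.5"),
    ("out", "192.168.20.9"),
    ("out", "198.51.100.4"),
    ("out", "not-an-ip"),
]


def decisions(packets):
    """Return only the action taken for each (direction, source) pair."""
    return [filter_packet(d, s)[0] for d, s in packets]


if __name__ == "__main__":
    for d, s in SAMPLE:
        action, reason = filter_packet(d, s)
        print(f"{d:3} {s:15} {action:7} {reason}")
```
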

To prevent attacks on the network, such as port redirection, the network administrator is advised to disable unwanted ports and services.

To ensure that accountability is upheld, logging of activities is crucial. Therefore, there is a need to implement SYSLOG for logging purposes.


Figure 1 (Viewing of SYSLOG)

However, SYSLOG must be well protected, because the last phase of an attack is covering tracks (Graves, 2010). In this phase, the hacker might delete SYSLOG to avoid being discovered. To protect SYSLOG, the network administrator could encrypt the SYSLOG traffic within an IPSec tunnel (Temasek Polytechnic, n.d.). Besides that, the network administrator is encouraged to have more than one SYSLOG server, to serve as a backup when the default SYSLOG server's log is lost.
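A second SYSLOG server also lets the administrator detect deleted records by comparing the two copies. The following is an added example, not part of the original post; the log lines, host name and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample logs. BACKUP is what the second SYSLOG server received;
# PRIMARY is the default server's file after two records were removed.
BACKUP = """\
May  3 10:14:58 perimeter-rtr login: admin logged in from 192.168.10.5
May  3 10:15:02 perimeter-rtr config: access list changed by admin
May  3 10:15:40 perimeter-rtr config: logging host removed by admin
May  3 10:16:11 perimeter-rtr login: admin logged out
"""
PRIMARY = """\
May  3 10:14:58 perimeter-rtr login: admin logged in from 192.168.10.5
May  3 10:16:11 perimeter-rtr login: admin logged out
"""


def normalise(line):
    """Collapse whitespace so padding differences do not count as a mismatch."""
    return " ".join(line.split())


def missing_records(primary_text, backup_text):
    """Records the backup holds that the primary does not, in backup order.

    Uses a multiset so that a message logged twice must also appear twice.
    """
    have = Counter(normalise(l) for l in primary_text.splitlines() if l.strip())
    missing = []
    for line in backup_text.splitlines():
        key = normalise(line)
        if not key:
            continue
        if have[key] > 0:
            have[key] -= 1          # matched one copy on the primary
        else:
            missing.append(key)     # present on backup only: investigate
    return missing


if __name__ == "__main__":
    for record in missing_records(PRIMARY, BACKUP):
        print("missing on primary:", record)
```
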

References

[Use of Kiwi for SYSLOG]. Retrieved May 5, 2012, from: http://www.softmaximum.com/free/review/kiwi-syslog-daemon/5437/
Cox, C. (2007, January). Establish ingress and egress address filtering policies. Retrieved May 3, 2012, from SearchNetworkingChannel: http://searchnetworkingchannel.techtarget.com/tutorial/Establish-Ingress-and-Egress-address-filtering-policies
Egress filtering. (2012, March 18). Retrieved May 3, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Egress_filtering
Graves, K. (2010, April 26). Certified ethical hacker. Sybex.
Ingress filtering. (2012, April 11). Retrieved May 3, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Ingress_filtering
Temasek Polytechnic. (n.d.). Basic router and switch security. Singapore, Singapore, Singapore.

5 comments:

  1. Dear Kim Chye,

    I have read your post on Secure Perimeter Routers & Disable Services & Logging. I find it very useful especially when you talk about the reasons why "Syslog must be well-protected" I learned more about reasons like, in the last phase of attack, it will be covering of track, the hacker might delete SYSLOG to prevent being discovered, and the network administrator could encrypt the SYSLOG traffic within IPSec tunnel.

    Regards,
    Luke

  2. Hi Kim Chye!

    After reading your post, I have learnt what the two terms "ingress" and "egress" filtering mean.

    I have also learnt that the SYSLOG is an important piece of document to protect, as it logs down and shows what changes have been made to the system. It is important to protect it as hackers will likely delete this file to destroy any traces of them making any changes to the system.

    Thank you for your informative post. It has helped me learn things that I have not covered in my post about secure perimeter routers and disabling services and logging of any activity within a system.

  3. This comment has been removed by the author.

  4. Hi Kim Chye,

    Thanks for posting this. Prior to reading your post, I had trouble understanding the topic on securing perimeter routers. As I peruse the intricate subtext of what might be your magnum opus, I finally understood the esoteric allusions which you so expertly presented in contrast to the unequivocal illustration of the prime motif in this fine work of art. With this revelation I truly believe that you have reached the pinnacle of literary achievement. Consequently, my life would never be the same again. I cannot express my gratitude to you through the mere use of words, but what I can do is to provide a summary of my opinion.

    I feel that the security of the Perimeter router is largely dependent on the network administrator, and as such he or she should have proper experience and training on the matter. Through this post, I have learnt something that might be of use if I were to become a network administrator in the future.

    Thank you for the post once again and I hope to see more blog posts from you.

    Julian

  5. Hi Kim Chye,

    After reading your post, I now have a better understanding about the two terms "Ingress Filtering" and "Egress Filtering".

    I agree on what you said about the SYSLOG being an important document to protect, since it shows the changes made to the computer. If the hackers were to be able to delete or change the file, they would be able to make changes to the computer and get away scot-free.

    Thank you for posting this. I have learnt a lot from your posts about this, and showed me the things I lacked in my post.
