Networking Channel Update

Digg This!     StumbleUpon     Del.icio.us

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Routing and Switching Channel Explained: Data center design for networking VARs Router and switch upgrades: Five reasons your customer should invest How to troubleshoot five common routing errors Open source router operation considerations Securing a Cisco router How to choose the best router for your customer Network Security Networking resellers need new skills for physical security convergence Partners to see stimulus package benefits, but not without challenges Channel Chat: Can there be true White House mobile device security? Daemonlogger for packet capture and redirection Network security monitoring: Know your network Cisco Security Device Manager Overview Configuring privilege levels Password-protecting a router CCNA Security - Defending the perimeter Cisco CCNA Security certification Q&A Network Infrastructure 10 gigabit Ethernet offers opportunities for VARs and integrators Wireless VARs struggle with inventory back orders from WLAN vendors Scenarios for meeting customer network design requirements Network budgets to grow in 2010, but VARs must deliver solutions Cisco and ProCurve channel partners squeezed in price war Despite Avaya deal, Nortel partners must sell themselves to customers Nortel partners have a lot of explaining to do to calm customers Cisco boosts small business products and programs for channel partners Networking VARs could grab smart grid stimulus bill funding Channel Explained: Data center design for networking VARs

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

a challenge if you're administering the box long-term, in which case an authentication system like ACS with TACACS+ or RADIUS needs to be set up. (For help configuring these features on Cisco routers, search for "AAA".) In some cases, your customer may want you to configure the boxes but turn over management responsibilities. If this is the case, advise customers about secure access best practices and make sure they have such an authentication system, or propose adding one to the scope of your project.

[IMAGE] Implement configuration control

[IMAGE] Configuration control for routers is just as important as secure access; it allows both resellers and customers to know what was changed and who changed it. Regardless of who controls the customer's network device configurations -- you or the customer -- a configuration management system lets changes be tracked so that problems can be identified and downtime can be reduced if a network device crashes and needs to be restored.

[IMAGE] Limit exposure to code exploits

[IMAGE] Limiting exposure to all the various flavors of exploits -- such as the ever-popular buffer overflow -- means turning off all services that aren't required and will help secure the network device. Discuss requirements, including functions the router should perform, while consulting with the customer. If a function isn't on the list, turn off that feature on the routers. Not only does this keep customers from continually scope-creeping your project by asking you to configure a never-ending list of features, but it gives you a business basis for security policies.

[IMAGE] Secure routing protocols

[IMAGE] Protecting the functionality and availability of routers means securing the routing protocols the router uses to communicate with other routers and to make forwarding decisions.

[IMAGE] Probably the easiest attack vector for IP networks is to inject bad routes into the network or to disrupt neighbor relationships to cause the routers to reconverge. You can prevent this by configuring the security features of the routing protocols. One such security feature allows routers to authenticate each other so that rogue routers can't participate by advertising routes or by fabricating spoofed packets that attempt to reset the connection.

[IMAGE] This type of security feature is fairly straightforward. However, routing protocols usually need to be configured consistently across the entire network. Often, the scope of your project may only address a small portion of a customer's network. In such a case, you can either pitch additional business to apply the configurations throughout the network or clearly document that you and your customer discussed the exposure of leaving the routing protocols unsecured and decided to accept the risk.

[IMAGE]Implement a patch management strategy

[IMAGE] Most network device manufacturers release updates with security fixes on a fairly regular basis. If you're managing your customer's routers, you hopefully have patch management under control. However, if a customer chooses to do this themselves (which probably means it's not being done at all) then it could be a business opportunity. Consider sending customers a courtesy email to let them know when updates are available and whether or not the included fixes apply to their network. It will show customers you have something to offer and may result in follow-on work.

About the author
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years of experience in the networking industry. He is co-author of several books on networking, most recently, CCSP: Secure PIX and Secure VPN Study Guide, published by Sybex.

Rate this Tip To rate tips, you must be a member of SearchNetworkingChannel.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.