One security measure that is often overlooked on networks is routing security. Even on closed networks, routing security is important and many times IT professionals overlook securing their routing protocols. Most of the time they feel that because the routing protocols can't be compromised from outside the network, then they disregard the fact that they can be just as easily compromised from inside the network if not easier. Routing security can be just as important in your security policy as anything else.
Many large networks with multiple internal subnets use routing protocols across the infrastructure to automate route path discovery. These routers rely on sending their routing tables and route information to each other to allow for proper network convergence. Setting up route protocols on the network passes this information across the network to allow other routers to receive the information. Some protocols broadcast this traffic across the network for anyone to hear. By default, routers configured with routing protocols such as RIP, OSPF, or EIGRP will automatically update their routing tables regardless of where the routing updates have come from. This means that anyone who knows what they are doing can easily forge route update packets and send them across the network to place their own routes into routers on the corporate infrastructure.
This is why routing security is important. Imagine allowing an attacker to update the routes on your network to pass all traffic destined for one IP address to another network completely. This allows for easy hijacking of a complete network or to completely shutdown the network with a denial of service attack.
With proper routing security you can help control this problem on the network. For one, most current generation routing protocols allow for authentication to take place. For example, with EIGRP you can create an authentication key and use that key to authenticate routers on the network. When a router receives routes with the proper authentication key, only then will it allow the routes to update the routing table. If the router receives routes that do not have the right authentication key, it just ignores them.
It is also important to note that if you are using a routing protocol on your network, ensure that you are using a current generation protocol and not an obsolete protocol like RIP. Most of the newer protocols like EIGRP will only send routing table information when routes on the network change. This helps alleviate the issue of sending route information across the network for anyone to grab with a sniffer. Another method to help prevent that is to create a distribution list so that the routes only get sent to specific routers in a unicast fashion.
Routing security, while often overlooked, should be an important part of your network security policy. A little common sense and some basic knowledge on routing protocols can really help you secure your route infrastructure to prevent attacks from inside the network from occurring.
Aaron Guhl is an IT professional that specializes in security. He frequently writes on his blog regarding security issues to help IT professionals get a better understanding of security in their networks. Visit his website at: Routing Security
