A router is a device that extracts the destination address from an incoming packet and forwards the packet toward that destination along the optimal path. Directing data between portions of a network is the purpose of a router.
Routers operate at the Network layer of the OSI model. They pass traffic between two different IP networks, which may be either LANs or WANs.
A poor router filtering configuration can reduce the overall security of an entire enclave, expose internal network components to scans and attacks, and make it easier for attackers to avoid detection.
Proper use of router cryptographic security features can help protect sensitive data, ensure data integrity, and facilitate secure cooperation between independent enclaves.
Subscribe to the alert services provided by the manufacturer of the networking hardware so that you stay up to date with both security issues and service patches. Applying those patches fixes known security vulnerabilities.
Disable Unused Interfaces - Only required interfaces should be enabled on the router. Unused interfaces might expose you to unknown attacks on those interfaces.
Consider Static Routes - Static routes prevent specially crafted packets from changing the routing tables on your router. An attacker might try to change routes by forging a routing protocol message, either to cause a denial of service or to forward requests to a rogue server.
Most routers have a logging facility and can log all deny actions, which would show intrusion attempts. Modern routers have an array of logging features, including the ability to set severities based on the data logged.
With restrictions in place at the router to prevent TCP/IP attacks, the router should be able to identify when an attack is taking place and notify a system administrator of the attack.
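The two points above (log every deny, and turn those logs into an administrator notification) can be illustrated with a small log-analysis script. This is an added example, not code from the original page or from any router vendor. The log lines are constructed and follow an assumed, simplified format ("<ISO timestamp> <severity> list <ACL name> denied <proto> <src>(<sport>) -> <dst>(<dport>), ..."); the threshold values (5 distinct destination ports within 60 seconds) are assumptions chosen for the example, not settings from the page.

```python
"""Aggregate router ACL deny logs per source and raise an alert when one
source hits many distinct ports in a short window (a common scan pattern).

Added example. The sample log below is constructed; its format is an
assumption, not a real vendor's syslog format."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not captured from a real router). One non-ACL
# message is included to show that unrelated lines are skipped.
SAMPLE_LOG = """\
2024-01-10T12:00:01 WARN list EDGE-IN denied tcp 203.0.113.5(41234) -> 10.0.0.10(22), 1 packet
2024-01-10T12:00:02 WARN list EDGE-IN denied tcp 203.0.113.5(41235) -> 10.0.0.10(23), 1 packet
2024-01-10T12:00:02 WARN list EDGE-IN denied tcp 203.0.113.5(41236) -> 10.0.0.10(80), 1 packet
2024-01-10T12:00:03 WARN list EDGE-IN denied tcp 203.0.113.5(41237) -> 10.0.0.10(443), 1 packet
2024-01-10T12:00:03 WARN list EDGE-IN denied tcp 203.0.113.5(41238) -> 10.0.0.10(3389), 1 packet
2024-01-10T12:00:09 INFO list EDGE-IN denied udp 198.51.100.7(5353) -> 10.0.0.10(5353), 1 packet
2024-01-10T12:01:30 WARN list EDGE-IN denied tcp 203.0.113.5(41240) -> 10.0.0.11(22), 1 packet
2024-01-10T12:05:00 INFO interface GigabitEthernet0/1 changed state to up
"""

# Assumed line layout; adjust the pattern to the real device's syslog format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sev>[A-Z]+) list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)


def parse_log(text):
    """Return a list of deny events; lines that are not ACL denies are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. interface state changes: not an ACL deny
        d = m.groupdict()
        events.append({
            "time": datetime.fromisoformat(d["ts"]),
            "severity": d["sev"],
            "acl": d["acl"],
            "proto": d["proto"],
            "src": d["src"],
            "dst": d["dst"],
            "dport": int(d["dport"]),
        })
    return events


def deny_counts(events):
    """Total denied packets per source address, for a quick overview."""
    counts = defaultdict(int)
    for e in events:
        counts[e["src"]] += 1
    return dict(counts)


def detect_scans(events, window_seconds=60, min_distinct_ports=5):
    """Flag sources that touch >= min_distinct_ports distinct destination
    ports within any window_seconds-long window. One alert per source,
    describing the densest window found."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        best = None
        for i, start in enumerate(evs):
            limit = start["time"] + timedelta(seconds=window_seconds)
            ports = {e["dport"] for e in evs[i:] if e["time"] < limit}
            if len(ports) >= min_distinct_ports and (
                    best is None or len(ports) > best["distinct_ports"]):
                best = {"source": src, "distinct_ports": len(ports),
                        "first_seen": start["time"], "ports": sorted(ports)}
        if best is not None:
            alerts.append(best)
    return alerts


def format_alert(alert):
    """Message an administrator would receive (e-mail, pager, SIEM, etc.)."""
    return (f"ALERT: {alert['source']} probed {alert['distinct_ports']} distinct "
            f"ports from {alert['first_seen'].isoformat()}: {alert['ports']}")


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("denies per source:", deny_counts(evs))
    for a in detect_scans(evs):
        print(format_alert(a))
```

In the constructed sample, 203.0.113.5 hits five different ports within three seconds and is reported, while the single mDNS deny from 198.51.100.7 stays below the threshold; the same windowing logic works on a live syslog feed once the regular expression is adapted to the device's actual message format.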
Virtual LANs allow you to separate network segments and apply access control based on security rules. Using ACLs between VLANs provides an intermediate level of protection by blocking internal intrusions from within the enterprise, while intrusions from outside are already blocked at the border network.
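The following is an added example (not from the original page or any vendor's implementation) that models how a router evaluates an ACL between VLANs: rules are checked in order, the first match decides, and every deny is logged so the log feed reflects internal policy violations. The VLAN plan (10 users, 20 servers, 30 management), the addresses and the rules are constructed assumptions chosen for the illustration.

```python
"""First-match ACL applied between VLANs, with logging of denied traffic.

Added example with a constructed VLAN plan and constructed rules; it is a
model of router ACL semantics, not any product's code."""
import ipaddress

# Constructed VLAN plan: 10 = users, 20 = servers, 30 = management.
VLANS = {
    10: ipaddress.ip_network("10.10.0.0/24"),
    20: ipaddress.ip_network("10.20.0.0/24"),
    30: ipaddress.ip_network("10.30.0.0/24"),
}


def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None


# ACL applied inbound on the users VLAN. Order matters: first match wins.
# The last rule is an explicit "deny any any log": routers end every ACL
# with an implicit deny, but that implicit deny is usually not logged, so
# an explicit logged catch-all is what makes "log all deny actions" true.
ACL_USERS_IN = [
    {"action": "permit", "proto": "tcp", "src": "10.10.0.0/24", "dst": "10.20.0.0/24",  "dport": 443},
    {"action": "permit", "proto": "udp", "src": "10.10.0.0/24", "dst": "10.20.0.53/32", "dport": 53},
    {"action": "deny",   "proto": "any", "src": "10.10.0.0/24", "dst": "10.30.0.0/24",  "dport": None, "log": True},
    {"action": "deny",   "proto": "any", "src": "0.0.0.0/0",    "dst": "0.0.0.0/0",     "dport": None, "log": True},
]


def rule_matches(rule, pkt):
    """True if the packet's protocol, addresses and destination port fit the rule."""
    if rule["proto"] != "any" and rule["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    return True


def evaluate(acl, pkt, log):
    """Return 'permit' or 'deny' for pkt; append a log entry for logged rules."""
    for idx, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            if rule.get("log"):
                log.append(
                    f"rule {idx} {rule['action']} {pkt['proto']} "
                    f"{pkt['src']} -> {pkt['dst']}:{pkt.get('dport')} "
                    f"(vlan {vlan_of(pkt['src'])} -> vlan {vlan_of(pkt['dst'])})"
                )
            return rule["action"]
    return "deny"  # implicit deny at the end of every ACL (unlogged)


# Constructed packets: allowed HTTPS, allowed DNS, an attempt to reach the
# management VLAN, and an SSH attempt to a server not covered by any permit.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.10.0.5", "dst": "10.20.0.8",  "dport": 443},
    {"proto": "udp", "src": "10.10.0.5", "dst": "10.20.0.53", "dport": 53},
    {"proto": "tcp", "src": "10.10.0.5", "dst": "10.30.0.1",  "dport": 22},
    {"proto": "tcp", "src": "10.10.0.5", "dst": "10.20.0.8",  "dport": 22},
]


def run(acl=ACL_USERS_IN, packets=SAMPLE_PACKETS):
    """Evaluate each packet; return the list of decisions and the deny log."""
    log = []
    results = [evaluate(acl, p, log) for p in packets]
    return results, log


if __name__ == "__main__":
    decisions, deny_log = run()
    for pkt, decision in zip(SAMPLE_PACKETS, decisions):
        print(decision, pkt)
    print("logged denies:")
    for entry in deny_log:
        print(" ", entry)
```

The point the model makes is that segmentation alone does nothing until an ACL is applied between the segments, and that only the denies you log are the ones you will ever see in the alerting described earlier: the packet to the management VLAN and the unexpected SSH attempt both produce log entries, while the permitted traffic passes silently.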
Although it is not traditionally implemented at the switch, data encryption over the wire ensures that sniffed packets are useless in cases where a monitor is placed on the same switched segment or where the switch is compromised, allowing sniffing across segments.