Router and Switch Security Policy
1. Overview
See Purpose.
2. Purpose
This document describes a required minimal security configuration for all routers and switches
connecting to a production network or used in a production capacity at or on behalf of
<Company Name>.
3. Scope
All employees, contractors, consultants, temporary and other workers at Cisco and its
subsidiaries must adhere to this policy. All routers and switches connected to Cisco production
networks are affected.
4. Policy
Every router must meet the following configuration standards:
1. No local user accounts are configured on the router. Routers and switches must use
TACACS+ for all user authentication.
2. The enable password on the router or switch must be kept in a secure encrypted form.
The router or switch must have the enable password set to the current production
router/switch password from the device's support organization.
3. The following services or features must be disabled:
a. IP directed broadcasts
b. Incoming packets at the router/switch sourced with invalid addresses such as
RFC1918 addresses
c. TCP small services
d. UDP small services
e. All source routing and switching
f. All web services running on the router
c. Incoming packets at the router sourced with invalid addresses, such as RFC1918
addresses, or those that could be used to spoof network traffic shall be dropped
d. Router console and modem access must be restricted by additional security
controls
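One way to check a device against items 1, 2 and 3a, 3c-3f above is to audit its saved running-config, shown here as an added example that is not part of the original policy. It assumes Cisco IOS-style syntax; the mapping from policy items to commands, the function name `audit` and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from a real device).
SAMPLE_CONFIG = """\
service tcp-small-servers
enable password 7 CONSTRUCTED
username admin privilege 15 secret 9 CONSTRUCTED
aaa authentication login default group tacacs+ enable
ip http server
interface GigabitEthernet0/1
 ip directed-broadcast
"""

# Assumed mapping: global lines that must NOT appear (items 1, 2, 3c, 3d, 3f).
FORBIDDEN = [
    (r"username \S+", "1: local user account configured"),
    (r"enable password\b", "2: enable password line present"),
    (r"service tcp-small-servers", "3c: TCP small services enabled"),
    (r"service udp-small-servers", "3d: UDP small services enabled"),
    (r"ip http (secure-)?server", "3f: web service enabled"),
]
# Assumed mapping: global lines that MUST appear (items 1, 2, 3e).
REQUIRED = [
    (r"aaa authentication login \S+ group tacacs\+", "1: no TACACS+ login authentication"),
    (r"enable secret\b", "2: no enable secret set"),
    (r"no ip source-route", "3e: source routing not explicitly disabled"),
]

def audit(config):
    """Return a sorted list of policy findings for one running-config."""
    findings, iface = set(), None
    lines = config.splitlines()
    for line in lines:
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None  # left interface sub-mode
        if iface and line.strip() == "ip directed-broadcast":
            findings.add(f"3a: directed broadcast enabled on {iface}")
        for pattern, msg in FORBIDDEN:
            if re.match(pattern, line):  # anchored at column 0, so "no ..." never matches
                findings.add(msg)
    for pattern, msg in REQUIRED:
        if not any(re.match(pattern, l) for l in lines):
            findings.add(msg)
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Source-address filtering (item 3b) and console or modem restrictions depend on site-specific ACLs and line settings, so this sketch does not check them.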
5. Policy Compliance
5.1 Compliance Measurement
The Infosec team will verify compliance to this policy through various methods, including but
not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and external
audits, and feedback to the policy owner.
5.2 Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
5.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and
including termination of employment.
8 Revision History
Date of Change | Responsible | Summary of Change
June 2014 | |