The first step is to place these systems squarely within the network vulnerability management process. This means running authorized, credentialed scans of the routers with an account that can log in to the device and determining what risks are present on it. These risks could be missing patches, insecure management protocols left enabled, outdated software images and so on. Assessing the risk of your routers on a scheduled basis gives you a clear picture of where your exposures are and what needs to change, and lets you track the results as metrics over time.
Along the same lines, there are tools that can connect to network equipment and review router configurations and rule sets for security and compliance checks. This is a higher level of network device security than vulnerability management, since it reviews the device's rule set and makes recommendations based on best practices. It is something to strive for, but verifying that the routers are free from known vulnerabilities should be the first priority. Read the rest of my article at the link below:
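To make the two steps above concrete, here is an added example (not code from the original post or from any scanning product) of the kind of configuration review a compliance tool performs. It parses a constructed IOS-style router configuration, flags insecure management protocols and an image version below a baseline, and returns findings with severities so they can be counted as metrics. The config text, the rule names and the baseline version `(15, 4)` are all assumptions made for the example.

```python
"""Lightweight configuration review for an IOS-style router config.

Added example, not from the original post: parses a constructed config
text, flags insecure management protocols and an out-of-date image, and
returns findings as a list so they can be tracked as metrics.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample configuration; not taken from any real device.
SAMPLE_CONFIG = """\
version 15.2
hostname edge-rtr-1
!
snmp-server community public RO
!
ip http server
no ip http secure-server
!
line vty 0 4
 transport input telnet ssh
 login local
!
end
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    check: str      # short identifier for the rule that fired
    detail: str     # human-readable explanation


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the 'version X.Y' line as a tuple of ints, or None if absent."""
    m = re.search(r"^version\s+(\d+(?:\.\d+)*)\s*$", text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def vty_transports(text: str) -> Set[str]:
    """Collect protocols allowed by 'transport input' under any 'line vty' block."""
    allowed: Set[str] = set()
    in_vty = False
    for line in text.splitlines():
        if line.startswith("line "):
            in_vty = line.startswith("line vty")
            continue
        if in_vty and line.strip().startswith("transport input"):
            allowed.update(line.split()[2:])
    return allowed


def audit_router_config(text: str, min_version: Tuple[int, ...]) -> List[Finding]:
    """Run each best-practice rule over the config and collect findings."""
    findings: List[Finding] = []

    # Rule 1: image version at or above the organisation's baseline (assumed value).
    ver = parse_version(text)
    if ver is None:
        findings.append(Finding("low", "image-version",
                                "no 'version' line found; cannot assess image age"))
    elif ver < min_version:
        running = ".".join(map(str, ver))
        baseline = ".".join(map(str, min_version))
        findings.append(Finding("high", "image-version",
                                f"running {running}, below baseline {baseline}"))

    # Rule 2: remote management must not accept cleartext Telnet.
    transports = vty_transports(text)
    if "telnet" in transports or "all" in transports:
        findings.append(Finding("high", "vty-telnet",
                                "Telnet accepted on vty lines; restrict to 'transport input ssh'"))

    # Rule 3: SNMPv1/v2c community strings are unauthenticated and unencrypted.
    if re.search(r"^snmp-server community\s", text, re.MULTILINE):
        findings.append(Finding("medium", "snmp-community",
                                "SNMPv1/v2c community strings configured; prefer SNMPv3 auth/priv"))

    # Rule 4: cleartext HTTP management interface enabled.
    if re.search(r"^ip http server\s*$", text, re.MULTILINE):
        findings.append(Finding("medium", "http-mgmt",
                                "cleartext HTTP management enabled ('ip http server')"))

    # Rule 5: local passwords should at least be obscured in the running config.
    if not re.search(r"^service password-encryption\s*$", text, re.MULTILINE):
        findings.append(Finding("low", "password-encryption",
                                "'service password-encryption' not set; passwords stored in cleartext"))

    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity; this is the number you trend as a metric."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = audit_router_config(SAMPLE_CONFIG, (15, 4))
    for f in results:
        print(f"[{f.severity.upper():6}] {f.check}: {f.detail}")
    print(summarize(results))
```

Running the script against the sample config reports two high, two medium and one low finding. The rule set is deliberately small; a real review tool applies hundreds of such checks and also evaluates access-list and filter rules, but the structure is the same: parse the config, apply best-practice rules, and emit findings that can be tracked from one scheduled run to the next.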
This is a Security Bloggers Network syndicated blog post authored by Matthew Pascucci. Read the original post at: Frontline Sentinel