Church Of The
Swimming Elephant

10.3.2.7 Control - Troubleshooting Problems Connected: An Internet Encyclopedia

Up: RFC 1812

10.3.2.7 Control - Troubleshooting Problems

  1. A router MUST provide in-band network access, but (except as required by Section [8.2]) for security considerations this access SHOULD be disabled by default. Vendors MUST document the default state of any in-band access. This access SHOULD implement access controls, to prevent unauthorized access.

    DISCUSSION

    In-band access primarily refers to access through the normal network protocols that may or may not affect the permanent operational state of the router. This includes, but is not limited to, Telnet/RLOGIN console access and SNMP operations.

    This was a point of contention between the operational out of the box and secure out of the box contingents. Any automagic access to the router may introduce insecurities, but it may be more important for the customer to have a router that is accessible over the network as soon as it is plugged in. At least one vendor supplies routers without any external console access and depends on being able to access the router through the network to complete its configuration.

    It is the vendor's call whether in-band access is enabled by default; but it is also the vendor's responsibility to make its customers aware of possible insecurities.

  2. A router MUST provide the ability to initiate an ICMP echo. The following options SHOULD be implemented:

      o Choice of data patterns

      o Choice of packet size

      o Record route

    and the following additional options MAY be implemented:

      o Loose source route

      o Strict source route

      o Timestamps

  3. A router SHOULD provide the ability to initiate a traceroute. If traceroute is provided, then the 3rd party traceroute SHOULD be implemented.

Each of the above three facilities (if implemented) SHOULD have access restrictions placed on it to prevent its abuse by unauthorized persons.
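
The echo options in item 2 map onto concrete packet fields. The following is an added example, not part of RFC 1812: it builds an ICMP echo request with a chosen data pattern and packet size, builds the IPv4 Record Route option, and reads the hops recorded in a returned option. The layouts follow RFC 791 and RFC 792 and the checksum follows RFC 1071; the function names and sample values are chosen here for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # odd length is padded with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, size: int, pattern: bytes) -> bytes:
    """ICMP Echo Request (type 8, code 0) whose payload is `size` bytes of `pattern`."""
    if not pattern:
        raise ValueError("data pattern must be non-empty")
    if not 0 <= size <= 65507:               # 65535 - 20 (IP header) - 8 (ICMP header)
        raise ValueError("payload does not fit in one IPv4 datagram")
    payload = (pattern * (size // len(pattern) + 1))[:size]
    unsummed = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return struct.pack("!BBHHH", 8, 0, inet_checksum(unsummed), ident, seq) + payload

def record_route_option(slots: int) -> bytes:
    """IPv4 Record Route option: type 7, length, pointer 4, then empty address slots."""
    if not 1 <= slots <= 9:                  # 40 bytes of options hold 3 + 4*9 = 39
        raise ValueError("Record Route holds between 1 and 9 addresses")
    opt = struct.pack("!BBB", 7, 3 + 4 * slots, 4) + bytes(4 * slots)
    return opt + bytes(-len(opt) % 4)        # pad to a 32-bit boundary with EOL (0)

def parse_record_route(opt: bytes) -> list:
    """Return the addresses routers have written into a Record Route option."""
    if len(opt) < 3 or opt[0] != 7 or not 3 <= opt[1] <= len(opt):
        raise ValueError("not a well-formed Record Route option")
    length, ptr = opt[1], opt[2]
    if ptr < 4 or (ptr - 4) % 4:
        raise ValueError("pointer is not on a slot boundary")
    end = min(ptr - 1, length)               # pointer is the 1-based offset of the next free slot
    return [".".join(map(str, opt[i:i + 4])) for i in range(3, end, 4)]

if __name__ == "__main__":
    pkt = build_echo_request(ident=0x1234, seq=1, size=56, pattern=b"\xaa\x55")
    print(len(pkt), "byte ICMP message, verifies:", inet_checksum(pkt) == 0)
    # Constructed reply option: two hops recorded (documentation addresses).
    seen = bytearray(record_route_option(3))
    seen[2] = 12
    seen[3:11] = bytes([192, 0, 2, 1, 198, 51, 100, 1])
    print(parse_record_route(bytes(seen)))
```

Sending the result requires a raw socket and the IP_OPTIONS socket option, which is one point where the access restrictions described above can be enforced.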


All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated