Routing is central to building a strong network that spans several separate branches. For a business that is expanding, such as the retail business of Super-W, this aspect of network security must be taken seriously because it bears heavily on the integrity of the business systems the organization depends on. The router’s function in the network is to propagate route information, relaying data towards the other network connections in the form of packets. Because these systems are connected to the internet, their security can be compromised, which is why the choice of routing protocols deserves attention when re-establishing the company’s existing routing operations. The discussion that follows presents how the routing infrastructure for Super-W should be upgraded, given that the network is currently expanding to cover a larger scope of operational control.
Process of Upgrading the Routing Infrastructure
Network systems are designed to allow peering sessions between connected computers located in remote areas. Usually, though, these sessions endanger the security of the network, especially when they stay connected to the internet for continuous operation. For Super-W the condition is critical. The network is operated from a single server that feeds four distribution areas, which in turn support 200 retail branches, so establishing security is a must but also a tedious task. Avoiding any compromise of the routing information is an important part of the process.
To ensure that the upgrade strengthens both the operation of the network and the organization itself, it is first suggested that a CSF (ConfigServer Security and Firewall) methodology assessment be carried out. In this assessment, two particular matters should be given attention: one is the total visibility of the network, and the other is complete control over its functions and connections in the later days, months or years of its operation. For total visibility, three focal matters should be addressed, namely neighbour authentication, routing peer definition and route redistribution filtering. Total visibility aims to assure that only authorized individuals and departments are able to access the data of the system. If there are third-party users, these individuals or groups are expected to be given only the authority they need to view “some” of the data included in the network.
The aspect of complete control of the network, on the other hand, focuses on six primary elements, which include the default passive interface, the BGP TTL Security Check, standby devices, element redundancy and topological redundancy. These considerations point to the need for the administrators and primary operators of the network to create a secured system that gives them the best sense of control, especially in noting who comes in and out of the system to gather data. This allows the administrators to see to it that the data is accessed only by those who are authorized to see the information within the system.
This is where identifying trusted peers becomes useful in assuring network protection. Some routing systems are set up to automatically recognize every peer as trusted. In the case of Super-W’s data system, however, it is important that every individual or group allowed to access the information is authenticated before being allowed to log in. Neighbour authentication handles this need. The feature relies on routing protocols that allow the router to receive routing information from identified, authorized and trusted neighbours. This is achieved by giving a certification of authenticity to each trusted neighbour. To do this, a secret routing key issued by the operators of the primary server of the network is shared by all the trusted neighbours. The secret key is embedded in the routing identity of each neighbour, allowing it to gain passes to the integral parts of the data system of the network. Configuring the routers usually takes at least a day or two, to make sure that each router is ready to be given an identity that the primary server recognizes. Update messages are also used to confirm certification. The trusted neighbour is given a secret key for confirming the authentication, which makes it an acceptable member of the network and gives it the chance to access information whenever necessary.
The authentication of trusted neighbours aims to keep peer sessions from being disrupted or attacked for information leakage, and to stop other hacking procedures directed at spilling the information in the network database to unauthorized destinations. One sample of such authentication could be configured as follows:
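! OSPF MD5 authentication
! (the interface name is an assumption; use the interface facing the OSPF neighbour)
interface FastEthernet0/0
 ip address 10.139.20.1 255.255.255.0
 ip ospf message-digest-key 10 md5 oursharedsecret
!
router ospf 20
 network 10.139.20.0 0.0.0.255 area 0
 area 0 authentication message-digest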
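What the receiving router does with that shared key, as an added example that is not part of the original text or any vendor's code: the sender appends a keyed MD5 digest to each OSPFv2 packet, and the receiver recomputes it and checks the key ID and sequence number. The router ID, area, body bytes and the zero-padding of short keys are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration: router ID, area and body are made up;
# the key ID (10) and secret match the configuration above.
ROUTER_ID = bytes([10, 139, 20, 1])
AREA = bytes(4)
BODY = b"constructed hello payload"   # stands in for a real Hello body

def build_packet(key_id, seq, body, key):
    """Sender side: OSPFv2 header with AuType 2, then the keyed MD5 trailer."""
    header = struct.pack("!BBH4s4sHHHBBI",
                         2, 1, 24 + len(body),  # version, type 1 (Hello), length
                         ROUTER_ID, AREA,
                         0, 2,                  # checksum unused, AuType 2
                         0, key_id, 16, seq)    # reserved, key ID, digest len, sequence
    packet = header + body
    # Digest covers packet + key padded to 16 bytes (zero padding assumed here).
    padded = key.ljust(16, b"\0")[:16]
    return packet + hashlib.md5(packet + padded).digest()

def verify(packet, keys, last_seq):
    """Receiver side: True only for a known key ID, fresh sequence, matching digest."""
    if len(packet) < 40:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    au_type, _, key_id, digest_len, seq = struct.unpack("!HHBBI", packet[14:24])
    key = keys.get(key_id)
    if au_type != 2 or digest_len != 16 or key is None or len(packet) != length + 16:
        return False
    if seq < last_seq:                          # replayed or stale packet
        return False
    expected = hashlib.md5(packet[:length] + key.ljust(16, b"\0")[:16]).digest()
    return hmac.compare_digest(expected, packet[length:])
```

The secret itself never appears in the packet; only the digest does, so a neighbour without the key cannot produce an update that passes `verify`.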
The network operators could choose either a text-based secret key as the certification of authentication for trusted neighbours or an image-recognition process that could provide a more reliable source of identity and recognition. Because the Super-W network relies on the internet as its main means of connection, it is all the more important for the system to include such router protection. This should be weighed against the balance needed between security measures and the ease of operation between the peers using the network.
For peer routing procedures, it is important that peer discovery mechanisms be established. This assures that bogus routers are not able to enter the network and jeopardize the function of the connections. Through confirming messages, trusted peers are allowed to enter the network. Unless the confirmation messages are validated, the peer trying to enter the network is not allowed to access data and information from the system. This protocol exists alongside the neighbour authentication process. Checking the IP address with a validating tool makes it easier for the server operators to decide whether or not a user should be allowed into the system. Hence, in identifying trusted peers, the neighbour authentication protocol could be used as follows:
router eigrp 100
 network 10.0.0.0
 neighbor 10.139.20.1 FastEthernet0/0
Routing Protocols to be Used
Given that the Super-W network operates across numerous sectors, the use of the BGP TTL Security Check is suggested. This protocol prevents multi-hop attacks from peers. Through it, the system is able to minimize the number of TTL values that are accepted in the network, which avoids an overflow of the information being used and prevents the occurrence of system logging due to the entry of a large number of users at the same time. For this consideration, the following configuration could be used:
Router(config)# router bgp as-number
Router(config-router)# neighbor ip-address ttl-security hops hop-count
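One way to check a router configuration for the two protections configured on this page, OSPF MD5 neighbour authentication and the BGP TTL security check, as an added example that is not part of the original text. The sample configuration is constructed (the second interface, the AS numbers and the BGP neighbour addresses are made up), and the audit looks only for the commands shown above.

```python
import ipaddress

# Constructed sample config; second interface, AS numbers and BGP peers are made up.
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.139.20.1 255.255.255.0
 ip ospf message-digest-key 10 md5 oursharedsecret
interface FastEthernet0/1
 ip address 10.139.30.1 255.255.255.0
router ospf 20
 network 10.139.0.0 0.0.255.255 area 0
 area 0 authentication message-digest
router bgp 64512
 neighbor 192.0.2.1 remote-as 64513
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.9 remote-as 64514
"""

def sections(config):  # header line -> list of tokenised indented lines below it
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            out[current].append(line.split())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            out[current] = []
    return out

def in_wildcard(addr, net, wildcard):  # IOS wildcard mask: set bits are ignored
    a, n, w = (int(ipaddress.ip_address(x)) for x in (addr, net, wildcard))
    return (a ^ n) & ~w & 0xFFFFFFFF == 0

def audit(config):
    """Return one finding per OSPF interface or BGP neighbour left unprotected."""
    secs, findings, nets = sections(config), [], []
    for header, body in secs.items():
        if header.startswith("router ospf"):
            nets += [(w[1], w[2]) for w in body if w[0] == "network" and len(w) > 2]
            if not any(w[0] == "area" and w[2:] == ["authentication", "message-digest"] for w in body):
                findings.append(f"{header}: area authentication message-digest missing")
        elif header.startswith("router bgp"):
            peers = {w[1] for w in body if w[0] == "neighbor" and len(w) > 1}
            guarded = {w[1] for w in body if w[0] == "neighbor" and w[2:3] == ["ttl-security"]}
            findings += [f"{header}: neighbor {p} has no ttl-security" for p in sorted(peers - guarded)]
    for header, body in secs.items():
        keyed = any(w[:3] == ["ip", "ospf", "message-digest-key"] for w in body)
        in_ospf = any(in_wildcard(w[2], n, m) for w in body if w[:2] == ["ip", "address"] for n, m in nets)
        if header.startswith("interface") and in_ospf and not keyed:
            findings.append(f"{header}: runs OSPF without a message-digest key")
    return findings
```

With `ttl-security hops hop-count` set, the router accepts BGP packets from that neighbour only when their TTL is at least 255 minus the hop count, so a neighbour the audit flags is one that still accepts BGP packets arriving from any number of hops away.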
The use of iACLs, the infrastructure protection access control lists, is also considered. These provide a more refined indication of how the network operators are to permit legitimate routing and oversee the traffic coming in from trusted devices that are allowed to access the network’s data.
rACLs, on the other hand, are the feature that filters traffic destined for the central processor of the network route. With this protocol, unwanted traffic from non-trusted sources can be blocked, preventing them from creating evasive programs that could ruin the structure of the network. The downside is that rACLs cannot prevent evasive attacks from trusted sources and trusted traffic router information.
This diagram presents how the entire routing infrastructure is to be established and how well it is expected to work in protecting the system’s security, even when subjected to internet-based operations and data access between the neighbours and peers to which the server is connected. The diagram shows how the established routing connection is to be tested for its reliability in supporting the operations of the company. Note that the tests in the diagram follow the particular emergencies that might occur during operations and could jeopardize the system. Through this test series, the network is properly prepared for any emergency and becomes highly reliable, based on how well it withstands extensive attempts to ruin the connection between the server and the branches connected to it.
Dependability of Solution
The security of the system has been addressed through the plan suggested here. The dependability of the solution comes from the proper application of protocols that clearly define how the network is to operate even in the midst of numerous trusted connections. Avoiding the entry of non-trusted sources is also given attention in this discussion. The diagram above shows the testing process that establishes the reliability of the new network system proposed for the administrators of Super-W to apply in their newly expanded network.
For organizations that operate in several areas and need to be interconnected, online technology provides great ease, not only for organizational system development but also for improving communication among the branches that are tied together. However, with the huge amount of information shared openly through the internet, there is the possibility that information exposed on the worldwide web is hacked or maliciously used for personal purposes, or for jeopardizing operations in ways that could put the company in a difficult position. This is why securing the routing infrastructure to protect the information embedded within the database is strongly suggested. Doing so increases not only the competence of the system but also the effectiveness of the service that the internet is expected to give an organization in need of direct connectivity between its branches. With effective securing procedures, the information and its integrity can be protected from jeopardizing situations that the company might not be able to control later on.