Contact Us

Routing and Switching

January 1st, 2023

by: Alexa Stram

Research Team

Secure Routing and Switching

Routing and switching are the basic functions of network communication. The function of switching is to switch data packets between devices on the same network (or same LAN - Local Area Network). The function of routing is to route packets between different networks (between different LANs - Local Area Networks).

Routers and switches are the building blocks for all business communications from data to voice and video to wireless access. They can improve a company's bottom line by enabling your company to increase productivity, cut business costs, and improve security and customer service.

Router Security

Router Security Do's:

  • Physically secure the routers
  • Lock down the router with passwords
  • Apply login mode passwords on Console, AUX, and VTY (telnet/ssh) interfaces
  • Enable proper logging
  • Back up router configurations to a central source
  • Secure other network devices such as switches and wireless access
  • Configure maximum failed authentication attempts
  • Set the correct time and date

Router Security Don'ts:

  • Use WEP security
  • Use WPA/WPA2-PSK
  • Trust hidden SSIDs
  • Trust MAC address filtering

Common Routing Security Vulnerabilities:

  • Firmware vulnerabilities
  • Credential hacking
  • Abuse of device misconfiguration
  • Vulnerabilities of outdated technologies
  • Insider threats
  • Denial of Service (DOS)
  • Packet Mistreating Attacks (PMA)
  • Routing Table Poisoning (RTP)
  • Hit and Run (HAR)
  • Persistent Attacks (PA)
  • Information theft

Switch Security

Switch Security Do's:

  • Configure maximum failed authentication attempts
  • Use a dedicated management network
  • Always use SSH or HTTPS for remote access
  • Disable unused ports and services
  • Enable port security
  • Set up VLANs to segment traffic
  • Configure your switch as a DHCP server
  • Implement 8021X authentication
  • Monitor the network with NAC

Switch Security Don'ts:

  • Rely on basic switch security to stop malicious attacks
  • Use VLANs for security
  • Leave unnecessary services enabled on your switch

Common Switch Security Vulnerabilities:

  • Authentication bypass
  • Remote code execution
  • Command injection
  • ARP spoofing attacks
  • MAC based attacks
  • Spoofing (DHCP / ARP) attacks and STP attacks
  • VLAN based Attacks