Securing Management and Reporting
Features
In addition to securing the router itself, it is also important to secure the
traffic used to manage the device and collect statistical information from it.
Types of Management Traffic
In-band management traffic flows inside the production network and is intermixed
with production traffic. Although common in most networks, the risk
of in-band management is that an attacker who compromises a system on the
production network could interfere with management traffic, capture sensitive
information from management packets, or mount further attacks against
network management protocols. With in-band management, you should use
encrypted protocols such as IPsec, SSH, or Secure Sockets Layer (SSL)
rather than clear text protocols such as Telnet.
Out-of-band management traffic flows on an independent, purpose-built
network and is kept totally separate from production traffic. Completely
out-of-band management networks are most common in large networks.
With both types of management, you should ensure that the managed
devices have synchronized clocks and that configuration archives and change
logs are available