Router and Switch Security Procedure

1.0 Purpose

This document describes a required minimal security configuration for all routers and switches connecting to a production network or used in a production capacity at or on behalf of Appalachian State University.

2.0 Scope

All routers connected to Appalachian State University production networks are affected. Routers and switches within internal, secured “network labs” are not affected.

3.0 Procedure

Every router must meet the following configuration and operational standards:

  1. No local user accounts are configured on routers.
  2. The enable password must be kept in a secure encrypted form on all routers. The router must have the enable password set to the current production password.
  3. Use Network Infrastructure and Control Systems standardized SNMP community strings on routers and switches.
  4. Access rules are to be added as business needs arise.
  5. All routers connected to the production network must be operated and managed by Network Infrastructure and Control Systems.

4.0 Enforcement

Anyone found to have violated this Procedure may be subject to disciplinary action, up to and including termination of employment.

5.0 Definitions

Production Network
The "production network" is the network used in the daily business of Appalachian State University.

Lab Network
A "lab network" is defined as any network used for the purposes of testing, demonstrations, training, etc. It is any network that is stand-alone or firewalled off from the production network(s) and whose impairment will neither cause direct loss to Appalachian State University nor affect the production network.

6.0 Revision History