Router Security Hardening Policies
Before configuring security hardening on a router, you need to be familiar with the following information. It is a reminder not to apply the security hardening policies listed in this document mechanically.
Security must be hardened continuously and can never be achieved once and forever. Any attempt to achieve permanent security using a single policy or through one-off security hardening configuration will fail.
Before implementing security hardening procedures, complete the following steps:
- Gain an in-depth understanding of service requirements. Security is always service-oriented. An appropriate security policy can be developed only after the security protection requirements of the service system are clearly understood.
- Carry out a comprehensive risk evaluation. Find where the weak points in the system are, balance the value of a service system against the costs of security hardening, and evaluate security risks comprehensively and continuously. Provide prevention and protection measures against unacceptable security risks. Record acceptable risks as outstanding items and periodically review them throughout the life cycle of the service system to determine whether their risk level needs to be reevaluated.
- Design security hardening solutions. On the basis of the comprehensive risk evaluation, design appropriate security hardening solutions that meet the service requirements and bring the desired benefits at a low cost. Security is ensured by design instead of by configuration. Every security hardening engineer should understand this rule.
- Evaluate the impact that enforcing the security hardening policies will have on services, which helps prevent service loss.
After completing security hardening, continuous monitoring and maintenance of the service system are required. This helps locate faults promptly, adjust security hardening policies, and ensure that the policies have taken effect as expected.
To sum up, security hardening is a process requiring continuous improvement.
Based on network security requirements, the security hardening policies of the router are classified into Level-1 and Level-2.
- Level-1: basic security hardening policies for evaluating a device from the perspective of security
- Level-2: enhanced security hardening policies that can be configured based on service requirements