
2.1 Router and Switch Security Standard

2024-03-25T12:17:12+00:00

2.1.1. Overview

See Purpose.

 

2.1.2. Purpose

This document describes a required minimal security configuration for all routers and switches connecting to a production network or used in a production capacity at or on behalf of Highline College.

 

2.1.3. Scope

All employees, contractors, consultants, temporary and other workers at Highline College and its subsidiaries must adhere to this standard. All routers and switches connected to Highline College networks are affected.

 

2.1.4. Standard

Every router must meet the following configuration standards:

2.1.4.1 No local user accounts are configured on the router. Routers and switches must use RADIUS for all user authentication.

2.1.4.2 The enable password on the router or switch must be kept in a secure encrypted form. The router or switch must have the enable password set to the current production router/switch password from the device’s support organization.

2.1.4.3 The following services or features must be disabled:

  • IP directed broadcasts
  • Incoming packets at the router/switch sourced with invalid addresses such as RFC1918 addresses
  • TCP small services
  • UDP small services
  • All source routing and switching
  • All web services running on the router
  • Cisco discovery protocol on Internet connected interfaces
  • Telnet, FTP, and HTTP services
  • Auto-configuration

2.1.4.4 The following services should be disabled unless a business justification is provided:

  • Cisco discovery protocol and other discovery protocols
  • Dynamic trunking
  • Scripting environments, such as the TCL shell

2.1.4.5 The following services must be configured:

  • Password-encryption
  • NTP configured to a corporate standard source
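
An added example, not part of the Highline College standard: a minimal audit of a saved device configuration against clauses 2.1.4.1 to 2.1.4.5. It assumes Cisco IOS syntax; the mapping from each clause to a command pattern, the function name audit, and the sample configuration are this example's assumptions.

```python
import re

# Assumption: each pattern is this example's reading of a clause as IOS syntax.
# A saved configuration omits default settings, so source routing is checked
# through the explicit "no" line instead of the absence of an enabling line.
FORBIDDEN = [  # a line matching one of these is a finding
    (r"username \S+", "2.1.4.1 local user account"),
    (r"enable password ", "2.1.4.2 enable password instead of enable secret"),
    (r"service (tcp|udp)-small-servers", "2.1.4.3 small services enabled"),
    (r" ip directed-broadcast", "2.1.4.3 IP directed broadcast enabled"),
    (r"ip http (secure-)?server", "2.1.4.3 web service enabled"),
    (r" transport input .*\b(telnet|all)\b", "2.1.4.3 Telnet permitted"),
    (r"(service config|boot network)", "2.1.4.3 auto-configuration enabled"),
]
REQUIRED = [  # the absence of a matching line is a finding
    (r"aaa authentication login \S+ group radius", "2.1.4.1 RADIUS login"),
    (r"enable secret ", "2.1.4.2 enable secret"),
    (r"no ip source-route", "2.1.4.3 source routing disabled"),
    (r"service password-encryption", "2.1.4.5 password encryption"),
    (r"ntp server \S+", "2.1.4.5 NTP source"),
]

def audit(config):
    """Return one finding per line or clause that does not meet the standard."""
    lines = config.splitlines()
    findings = [f"FORBIDDEN {label}: {line.strip()}"
                for line in lines
                for pattern, label in FORBIDDEN if re.match(pattern, line)]
    findings += [f"MISSING {label}"
                 for pattern, label in REQUIRED
                 if not any(re.match(pattern, line) for line in lines)]
    return findings

# Constructed sample configuration (not taken from any real device).
SAMPLE = """\
service password-encryption
enable password 7 0000000000
username admin privilege 15 secret 5 $1$constructed
aaa authentication login default group radius
ip http server
interface GigabitEthernet0/1
 ip directed-broadcast
line vty 0 4
 transport input telnet ssh
ntp server 192.0.2.10
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Items such as Cisco discovery protocol on Internet-connected interfaces depend on which interfaces face the Internet and are left to manual review.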

 

2.1.5. Compliance

2.1.5.1 Compliance Measurement

ITS will verify compliance with this standard through various methods, including but not limited to periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

2.1.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

2.1.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

2.1.6. Related Standards, Policies, and Processes

None.

 

2.1.7. Revision History

Date By Summary