Router

Purpose

A Router object is used to represent a gateway between Networks. A Router with no Firewall connected to it is regarded as a network bridge or a switch/hub. To add restrictions to it, add a Firewall object. A Router must be connected to an administrative network zone, which defines the network zone the administrator needs to be connected to in order to change the Router configuration.

Connections

Router and Neighboring Objects

| Object | Connection | Description | Function |
| --- | --- | --- | --- |
| Network | Administration | Tells which network you need to be on in order to perform administration on the Router. | A missing Router between Networks indicates that there is no communication between them. |
| Network | Connection | Using Connection instead of Administration makes only regular traffic possible, i.e. Dataflows may pass if allowed, but logging in to the Router is not possible. | A missing Router between Networks indicates that there is no communication between them. |
| Firewall | Firewall Execution | The Firewall object is connected to a Router object to show that the Router has restrictions regarding what communication may traverse it. | Can prevent Forwarding. |
| Dataflow | Communication | An association to a Dataflow object indicates that the Router allows the Dataflow to travel from one Network to another Network. | A missing Dataflow association prevents data from passing through the Router when the Router is connected to a Firewall. |
| IDS | NIDS Execution | A connection to an IDS denotes that the traffic passing through the Router is inspected by an IDS on a network level (NIDS). | A missing IDS will reduce the time needed to attack through unencrypted Dataflows. |
| IPS | IPS Execution | A connection to an IPS denotes that the IPS is actively trying to prevent intrusions via all unencrypted Dataflows passing through the Router. | A missing IPS will reduce the time needed to attack through unencrypted Dataflows. |
| AccessControl | Authorization | Denotes that there is a login prompt for accessing the Router. | The login prompt is reached from a Network, connected to the Router, with an Administration association. Both root and non-root UserAccount compromise lead to compromise of the Router. A missing AccessControl will result in immediate compromise from the "administration" Network. |

Attack Steps and Defenses

Router Attack Steps and Defenses

| Attack Step | Description | Leads to |
| --- | --- | --- |
| Compromise | The attacker has been able to take over the Router and can now control it. | Router: DenialOfService; Network: Compromise; Dataflow: Access; Firewall: Compromise |
| DenialOfService | No data can flow through the Router due to a denial of service attack. | Network: DenialOfService |
| Forwarding | The attacker is able to add his own rules to the Router. | Network: Compromise |


| Defense | Description | Default |
| --- | --- | --- |
| None | There are no defenses associated with the Router object. | n/a |
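The connection and attack-step tables above describe how compromise propagates from a Router to its neighbours. The following Python script is an added example, not the modelling tool's own code: it encodes the "Leads to" relations from the tables together with the AccessControl rule and computes which attack steps an attacker who already controls the administration Network can reach. Treating Router compromise behind an AccessControl as requiring both network reach and a UserAccount compromise, and treating a Router without a Firewall as allowing unrestricted Forwarding from a connected Network, are modelling assumptions made here.

```python
# "Leads to" relations copied from the Router attack-step table above.
LEADS_TO = {
    "Router.Compromise": {"Router.DenialOfService", "Network.Compromise",
                          "Dataflow.Access", "Firewall.Compromise"},
    "Router.DenialOfService": {"Network.DenialOfService"},
    "Router.Forwarding": {"Network.Compromise"},
}


def build_model(access_control: bool, firewall: bool):
    """Return (or_edges, and_steps).

    or_edges: step -> steps it enables (any single parent suffices).
    and_steps: step -> set of steps that must ALL be reached first.
    """
    or_edges = {k: set(v) for k, v in LEADS_TO.items()}
    and_steps = {}
    if access_control:
        # Login prompt is reached from the administration Network; the Router
        # falls only when a UserAccount (root or not) is also compromised.
        # Assumption: modelled as an AND step.
        and_steps["Router.Compromise"] = {"AdminNetwork.Compromise",
                                          "UserAccount.Compromise"}
    else:
        # Missing AccessControl: immediate compromise from the admin Network.
        or_edges["AdminNetwork.Compromise"] = {"Router.Compromise"}
    if not firewall:
        # Assumption: with no Firewall the Router acts as a bridge, so an
        # attacker on a connected Network can forward traffic through it.
        or_edges.setdefault("Network.Compromise", set()).add("Router.Forwarding")
    return or_edges, and_steps


def reachable(or_edges, and_steps, start):
    """Fixed-point propagation over OR and AND steps from the start set."""
    reached = set(start)
    changed = True
    while changed:
        changed = False
        for step in list(reached):
            for nxt in or_edges.get(step, ()):
                if nxt not in reached:
                    reached.add(nxt)
                    changed = True
        for step, parents in and_steps.items():
            if step not in reached and parents <= reached:
                reached.add(step)
                changed = True
    return reached
```

Comparing `reachable(*build_model(False, True), {"AdminNetwork.Compromise"})` with the same call for `build_model(True, True)` shows the difference the AccessControl association makes in this model.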