Backups of a router's configuration may be necessary when recovering from physical
hardware failure, administrative errors or a successful attack. Preserving the evidence of
an attack may also be necessary for regulatory compliance, forensic investigation or
prosecution of the attacker.
By default, JUNOS routers save a local backup copy of your configuration every time you
commit (save) a change. JUNOS maintains the 50 previous configuration files, 4 on the
Routing Engine's flash drive and the remainder on the hard disk.
This provides a useful method to recover from many types of fault or error. However, an
attacker will potentially be in a position to compromise these backups along with the
active configuration, so it is vital that you also keep a remote configuration backup
beyond the attacker's reach.
Remediation:
A discussion of all possible backup methods is beyond the scope of this Benchmark.
Consider the Archival section of this Benchmark for one method of obtaining remote
backups whenever your configuration is changed.
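One way to get a remote copy on every commit, shown here as an added example in JUNOS set-command form. It is not taken from the Benchmark's Archival section, and the archive host 192.0.2.10, the account backup-user, the path and the password are placeholders.

```junos
# Constructed example: host, account, path and password are placeholders.
# Send the newly committed configuration to the archive site on every commit.
set system archival configuration transfer-on-commit
# Remote archive server reached over SCP.
set system archival configuration archive-sites "scp://backup-user@192.0.2.10:/var/archive/junos" password "REPLACE-ME"
```

Because the router stores the credential for this account, restrict the account on the archive server so that it cannot alter or delete files that were transferred earlier.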
Alternatively, CVS tools such as RANCID provide a method to back up configuration
files from a central location as well as keeping track of changes over time.
Also consider a method of maintaining offline copies of your backup data, such as tape
storage. This provides a vital tool in Disaster Recovery and is also extremely helpful when
recovering from a successful attack, as you can be certain that the attacker was unable to alter the offline version.