1.5 Ensure backup data is stored and transferred securely

Information

Backups of router configuration should be secured.

Rationale:

If an attacker has access to your router configuration files they have gained a lot of sensitive information about your network topology, defenses, weaknesses, critical servers and possibly your VPN keys and login information.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

A discussion of securing your backup services is beyond the scope of this Benchmark, but at a minimum you should consider the following:

Never transfer configuration files using plain text protocols such as Telnet or FTP. Use SSH or SCP instead.

Restrict access to backups to the least number of administrative users possible.

Store offline backups in a physically secure, fire resistant, air tight safe.

Log access and changes to backups.

Secure any server that stores backups using the appropriate Center for Internet Security Benchmark.

Disable all unused services on the backup server.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: CONTINGENCY PLANNING

References: 800-53|CP-9, CSCv7|10.4

Plugin: Juniper

Control ID: c67ed9c1130076bb31aec7b892eec8de50d8f5f061e0a6ffc01b23a839d4ba50