Technical data
Securing the Router
117342-B Rev. 00
7-3
Securing New Routers with the BCC or the Installation Script
Although you can quick-start BN and AN routers using either the BCC or the
install.bat script, the BCC provides an operational advantage if you have security
concerns.
By default, the BCC adds read-only access to the router. You must explicitly
configure write access. After you quick-start the router, you can immediately use
the BCC to change the global IP access policies and secure the router.
The install.bat script adds read-write access by default. You must then establish a
Site Manager (or other configuration tool) session before you can add additional
security for IP services.
See “Setting Global IP Access Policies with the BCC” and “Restricting
Read/Write Access with SNMP Communities” for additional information.
Setting Global IP Access Policies with the BCC
The BCC allows you to create global IP access policies for BN and AN routers
that control access to specific IP services, including Telnet, FTP, TFTP, and
SNMP.
You define a policy and its actions by setting BCC parameters. See the appendix
“Configuring Global IP Policies” in Configuring IP Utilities for more
information.
Restricting Read/Write Access with SNMP Communities
You can use either Site Manager or the BCC to control SNMP access to the router.
You should restrict read/write access to the router as soon as possible by
reconfiguring the SNMP communities.
When you add SNMP with the BCC, access is defined by default as read-only.
You should immediately add managers to control any write access you explicitly
add.