Your network is secure, you have firewalls protecting your data, and you are monitoring everything that is happening. But are you sure that the routing tables that are being passed around by your routers are correct? What happens if someone installs a Unix server that is running routed and it starts to send out erroneous routing information?
Routing Protocol Operation
By default, your routers will sit on the network and listen for all routing updates passed by the routing protocols (OSPF, RIP, BGP, IS-IS, EIGRP, etc.) that they are configured to run. They have built-in algorithms that tell them to prefer routes from some protocols over others, although you can usually alter this, and other algorithms that tell them which paths to prefer within a protocol. Some of these you can't change.
Most of this sorts itself out pretty reasonably, though, as long as all of the routers are configured sensibly and have the internal resources to operate properly, without excessively dropping packets due to lack of memory, for example, or losing routing updates due to high CPU utilisation. But to ensure that the routing information passed around is being sent by valid routers, you should set up some means for the routing protocols to authenticate each other, so they know that the information they are being sent can be trusted.
OSPF, one of the most widely used Interior Gateway Protocols (IGPs), uses the concept of areas to allow it to scale, and of neighbours for the other routers it will communicate with. You can set filters on both of these to control the routes that a router in any area knows about. An Area Border Router (ABR) should have area filters set to prevent it from receiving, and passing on, any maliciously injected routes. You can also configure routers to send LSA updates only to specific neighbours, so that anyone who installs an OSPF router on your network cannot receive all your routing information.
Of course, you can go a long way towards ensuring that only your own routers participate in the OSPF process at all by introducing authentication. Typically this uses an MD5 hashing algorithm: you configure authentication on all your OSPF interfaces with a key that must be shared by every participating router. Routing updates that arrive from a source that does not prove possession of that key will be discarded.
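To make the "prove possession of the key" part concrete, here is an added example (not from the original article) that models OSPF cryptographic authentication as described in RFC 2328 Appendix D: the shared key is padded to 16 octets, appended to the packet and hashed with MD5, the resulting digest is sent instead of the key, and a cryptographic sequence number lets the receiver reject replayed packets. The packet body is treated as opaque bytes and the trailer layout (key ID, digest length, sequence number packed as `!BBI`) is a constructed simplification of the real OSPF header fields; the `Neighbor` class and the sample key are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Simplified model of OSPF cryptographic authentication (RFC 2328, Appendix D).
# The body is opaque bytes; the trailer layout below is a constructed
# simplification of the real header fields, not the on-wire OSPF format.

KEY_ID = 1          # which configured key this packet was signed with
DIGEST_LEN = 16     # MD5 digest length in octets
TRAILER_FMT = "!BBI"
TRAILER_LEN = struct.calcsize(TRAILER_FMT)


def _pad_key(key: bytes) -> bytes:
    """OSPF uses exactly 16 octets of key: longer keys are truncated,
    shorter ones are right-padded with zero octets."""
    return key[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")


def sign_packet(body: bytes, key: bytes, seq: int) -> bytes:
    """Return body || trailer || MD5(body || trailer || padded key).

    The shared key is mixed into the digest but never transmitted; the
    cryptographic sequence number lets the receiver detect replays.
    """
    trailer = struct.pack(TRAILER_FMT, KEY_ID, DIGEST_LEN, seq)
    signed_part = body + trailer
    digest = hashlib.md5(signed_part + _pad_key(key)).digest()
    return signed_part + digest


class Neighbor:
    """Receiver-side state kept for one OSPF neighbour (assumed helper)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def verify(self, packet: bytes) -> bool:
        """Accept the packet only if the digest matches our key and the
        sequence number has not gone backwards (RFC 2328 D.4.3)."""
        if len(packet) < TRAILER_LEN + DIGEST_LEN:
            return False
        signed_part, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        key_id, dlen, seq = struct.unpack(TRAILER_FMT, signed_part[-TRAILER_LEN:])
        if key_id != KEY_ID or dlen != DIGEST_LEN:
            return False
        expected = hashlib.md5(signed_part + _pad_key(self.key)).digest()
        if not hmac.compare_digest(expected, digest):
            return False          # wrong key, or the packet was altered in transit
        if seq < self.last_seq:
            return False          # replay of an older packet
        self.last_seq = seq
        return True
```

Two points worth noticing when running this: the key bytes never appear in the signed packet, so a sniffer sees only the digest; and the RFC's replay check is non-decreasing rather than strictly increasing, so a packet carrying the same sequence number as the last accepted one is still accepted, which is why the sequence number is normally derived from a clock and why the check is a complement to, not a substitute for, the digest.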
You can add extra levels of security and stability by understanding the topology of your network and, for instance, configuring areas as OSPF stub areas with just a default route out via the ABR, if you only have one point of exit. This means that if another router did get installed that promised a better path, it would be ignored.
The Border Gateway Protocol is the backbone of the Internet today and is extensively used to connect different network domains. While large corporates will probably use BGP for scalability, for smaller organisations it is most likely found either to connect two organisations together, or to connect to the Internet if static routing will not suffice.
Like OSPF, BGP allows you to configure authentication amongst neighbouring routers - BGP peers. Particularly with its widespread use within the Internet, it is important that all routing information is valid, not just because of the impact of sending public data to the wrong place, but also because the amount of routing information must be kept to a minimum, especially for Service Provider routers that are already holding full Internet routing tables.
So, like OSPF, you should configure passwords to use between peers, so that you can be sure that the other end device sending you information is valid.
Attackers often try to compromise networks by introducing instability. Networks that appear and disappear in the routing tables will cause excessive memory and CPU usage as routing algorithms are recalculated. One excellent mechanism that BGP supports is the use of route dampening to prevent 'flapping' routes from adversely affecting the overall network stability.
Route dampening works by assigning penalties to routes in the routing table (one specific route, or as much as a whole class of routes, depending on the subnet prefix) that are seen to flap, i.e. disappear and reappear, whether because a serial line is having problems, for instance, or because someone is injecting routes and removing them frequently.
When a route first flaps, it is given a penalty value. Every time it flaps within a set period, that value is incremented until it reaches a specified value, at which point the router suppresses the advertisement of that route to its peers. As time passes, if the route stops flapping, the penalty value will decrement until the router starts to advertise it again. By choosing the values for suppress level, reuse level and the time periods, you can effectively tune how much stability you want to enforce on your network.
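The suppress level, reuse level and timing just described interact in a way that is easiest to see by running the numbers. The following is an added example, not code from the article: a small model of BGP route dampening in the style of RFC 2439, where each withdrawal adds a fixed penalty, the penalty decays exponentially with a configurable half-life, advertisement stops once the penalty reaches the suppress limit and resumes once it decays below the reuse limit. The parameter values (15-minute half-life, reuse 750, suppress 2000, 60-minute maximum suppression, 1000 per flap) are assumed defaults of the kind commonly found on vendor implementations, and the prefixes used are documentation addresses, not real routes.

```python
import math

# Assumed dampening parameters (typical vendor defaults, not from the article).
HALF_LIFE_S = 15 * 60      # penalty halves every 15 minutes
REUSE_LIMIT = 750          # re-advertise once the penalty decays below this
SUPPRESS_LIMIT = 2000      # stop advertising once the penalty reaches this
MAX_SUPPRESS_S = 60 * 60   # never suppress a route longer than this
FLAP_PENALTY = 1000        # penalty added per withdrawal

# The penalty is capped so that decay from the cap down to REUSE_LIMIT takes
# exactly MAX_SUPPRESS_S: cap = reuse * 2^(max_suppress / half_life).
PENALTY_CEILING = REUSE_LIMIT * 2 ** (MAX_SUPPRESS_S / HALF_LIFE_S)


class DampenedRoute:
    """Dampening state for one prefix as tracked by a BGP speaker."""

    def __init__(self, prefix: str, now: float = 0.0):
        self.prefix = prefix
        self.penalty = 0.0
        self.last_update = now
        self.suppressed = False
        self.reachable = True

    def _decay(self, now: float) -> None:
        """Apply exponential decay for the time elapsed since the last event."""
        elapsed = now - self.last_update
        self.penalty *= 2 ** (-elapsed / HALF_LIFE_S)
        self.last_update = now

    def withdraw(self, now: float) -> bool:
        """A withdrawal counts as one flap; returns True if the route is now suppressed."""
        self._decay(now)
        self.reachable = False
        self.penalty = min(self.penalty + FLAP_PENALTY, PENALTY_CEILING)
        if self.penalty >= SUPPRESS_LIMIT:
            self.suppressed = True
        return self.suppressed

    def announce(self, now: float) -> None:
        """A re-announcement makes the route reachable again but adds no penalty."""
        self._decay(now)
        self.reachable = True

    def advertised(self, now: float) -> bool:
        """Should this route be passed on to peers at time `now` (seconds)?"""
        self._decay(now)
        if self.suppressed and self.penalty < REUSE_LIMIT:
            self.suppressed = False   # decayed below the reuse limit
        return self.reachable and not self.suppressed

    def seconds_until_reuse(self, now: float) -> float:
        """Time until the penalty decays below REUSE_LIMIT (0 if already there)."""
        self._decay(now)
        if self.penalty <= REUSE_LIMIT:
            return 0.0
        return HALF_LIFE_S * math.log2(self.penalty / REUSE_LIMIT)
```

With these values two withdrawals in quick succession are enough to suppress a prefix, and it then stays hidden for a little over 21 minutes even if it never flaps again; a prefix that flaps continuously hits the ceiling and is held for the full hour after its last flap. Lowering the half-life or raising the suppress limit makes the policy more tolerant, which is exactly the trade-off to discuss with a provider that dampens the routes you originate.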
It's worth noting here that if you connect to a Service Provider, they will have implemented BGP route dampening on their links to you. It's worth asking them how these are set up: if they are advertising your networks, you may find that people cannot access your services because of over-aggressive route dampening parameters on their part.
Your routers are vital parts of your network: make sure that the information they use is accurate by implementing the authentication and tuning of routing updates.