OSPF security

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

OSPF security

In addition to the security steps listed in Static routing security, you can enhance Open Shortest Path First (OSPF) security through:

  • Authentication

  • External route filters on ASBRs

Authentication

By default, OSPF interfaces on the server running Routing and Remote Access are configured to send the simple password of "12345678" in their OSPF Hello messages. The simple password helps prevent the corruption of OSPF data from an unauthorized OSPF router on a network. The password is sent in plaintext. Any user with a network sniffer, such as Microsoft Network Monitor, can capture the OSPF Hello messages and view the password.

External route filters on ASBRs

To prevent the propagation of invalid routes into the OSPF autonomous system (AS) from external sources such as RIP or static routes, you can configure autonomous system boundary routers (ASBRs) with route filters. You can configure ASBR route filters so that any route that matches a configured list is discarded, or any route that does not match a configured list is discarded.

For more information, see Configure an ASBR.

Notes

  • You can only use external route filters to filter routes from non-OSPF sources. There is no capability to filter OSPF routes within the OSPF autonomous system.

  • This feature is not available on the Itanium-based versions of the Windows operating systems.

  • This content is not available in this preliminary release.