According to the book of CCNA,static Routing is more secure then
dynamic Routing. I don't understand how is this possible?

Can any senior member of this forum explain it in detail.

Thanks

Static routing is more secure than dynamic routing simply because only you would be able to change the routes and not some run away router sending false routing tables.

HTH.

I don't understand, what do you mean by run away router?
how can that router send false routing table?

In an ideal world, the only network infrastructure on your network would be those you have total control over. That is not usually the case, and that's why there are many security concerns on networks.

It's entirely plausible for a malicious user to pretend to be a router and send false routing information to all of your core routers. This could easily grind your network to a halt. If no routing protocols are being populated among your routers (static routes) the routing tables cannot be altered dynamically.

Fuzz,

I didnot understand by this saying "If no routing protocols are being populated among your routers (static routes) the routing tables cannot be altered dynamically".

what do you mean by this?

All dynamic routing protocols are built around an algorithm.

For example, what should router A do with the updates from B and C after it has recorded the information in the route table?
Should it, for instance, pass B's routing information packet to C and pass C's packet to B? It would be easier for a hacker to put a route in the path and divert traffic or at least mess up your network.

Static route say, to get from A to B, you must can only take this path.

HTH.

Fuzz,

I didnot understand by this saying "If no routing protocols are being populated among your routers (static routes) the routing tables cannot be altered dynamically".

what do you mean by this?

Dynamic routing protocols (RIP, EIGRP, OSPF etc) send each other updates so that the whole topology can be aware of each other and create a routing table. If you use entirely static routes, no updates are sent, so the table cannot be updated dynamically.

All dynamic routing protocols are built around an algorithm.

For example, what should router A do with the updates from B and C after it has recorded the information in the route table?
Should it, for instance, pass B's routing information packet to C and pass C's packet to B? It would be easier for a hacker to put a route in the path and divert traffic or at least mess up your network.

Static route say, to get from A to B, you must can only take this path.

HTH.

So you mean to say that a hacker cannot penetrate if I get from A to B using Static route? I hope my question is clear.

Big Evil,

I was not able to understand your explanation about security in Static Route. Why can't the hacker hack the static route from A to B?

If you have a static route you are saying to get to site B, you must/can only get there via this path (that could IP or interface).
If someone was to try and change the path the router would just drop the packets.

If you have a RP, like say EIGRP that get its information from other routers (routing by rumor), if a path is injected in to EIGRP table that claims to have a better path to site B, the router sending the packets would change the direction and router via the better path.

Does this help?

In an ideal world, the only network infrastructure on your network would be those you have total control over. That is not usually the case, and that's why there are many security concerns on networks.

It's entirely plausible for a malicious user to pretend to be a router and send false routing information to all of your core routers. This could easily grind your network to a halt. If no routing protocols are being populated among your routers (static routes) the routing tables cannot be altered dynamically.

Ok,so hackers can only get a chance to modify the route or send false
routing information if he is able to change the routing table information.
Static Routing doesnot give chance to these hackers to change any information in the route.

Yes, what a hacker would do is get an IP from say a trace route and try and hack that router, then change then path.