Security on Cisco Routers

by David Wolsefer

Controlling Interactive Access
  Enable Secret
  Service Password-Encryption
    Comparing RADIUS and TACACS
  Console Port
  Aux Port
  Virtual Access
  Warning Banners
  Core Dumps
  Logging Access List Violations
    Basic NTP Configuration
  SNMP Traps and Management
Securing Interior IP Routing
    Using Access-lists for Anti-spoofing
    Using CEF and RPF to Check for Spoofing
  Eliminating Directed Broadcasts
  Access Lists
    Ingress Access Lists
    Egress Access Lists
    Turbo Access Lists
  Path Integrity
    CEF and IP Unicast Verify Reverse-Path
    IP Source Routing
    ICMP Redirects
    Route Authentication
Securing Exterior IP Routing
    Prefix Lists
    MD5 Authentication
    Route Dampening
    Reverse Path Verification
  Black Hole Routes
  No IP Unreachables
  No IP Proxy-ARP
  No IP Redirects
  No IP Mask-reply
Flood Management
  TCP Intercept
  Rate Limiting ICMP, UDP, and Multicast
  Unicast Verify Reverse Path
  SYN Flood Attack
  DDoS Attack
  Process Table Attack
  SMURF Attack
  Fraggle Attack
  Land Attack
  Router Self-protection
Unnecessary Services
  SNMP (see above for traps, etc.)
  TCP and UDP "Small Services"
  IP Source Routing
  Domain Lookup
  CDP (arguments pro and con)
  TFTP (must be present under some circumstances)
Putting It All Together

