
How To Protect Your Cisco Device (Router, Switch)

Network security is a constantly changing area; new devices like IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), and honeypots are changing the way people think about security. Companies are spending thousands of dollars on new security devices, but forgetting the basics, the first line of defense: the border router. Although a lot of people may think that routers don't need to be protected, they are completely wrong. Security problems are found in this kind of device all the time, and most of these devices are vulnerable. Some information about common security problems found on Cisco routers can be read in the text "Exploiting Cisco Routers", available at: http://www.securityfocus.com/infocus/1734

In this article, I will give you 8 easy-to-follow steps to minimize your Cisco router's exposure by turning off some unused services, applying some access control and applying some of the security options available on it.

1. Control access to the device
2. Restrict telnet access to it
3. Block spoofed/malicious packets
4. Restrict SNMP
5. Encrypt all passwords
6. Disable all unused services
7. Add some security options
8. Log everything

Control Access to your device

The first thing to do is apply some rules to restrict all external access to some ports of the router. You can block all ports, but it is not always necessary. The commands below will protect your router against some reconnaissance attacks and, obviously, will restrict access to these ports:

    ! Deny inbound TCP to echo (7), discard (9), daytime (13), chargen (19),
    ! telnet (23) and finger (79) on the router itself
    access-list 110 deny tcp any host $yourDeviceIP eq 7
    access-list 110 deny tcp any host $yourDeviceIP eq 9
    access-list 110 deny tcp any host $yourDeviceIP eq 13
    access-list 110 deny tcp any host $yourDeviceIP eq 19
    access-list 110 deny tcp any host $yourDeviceIP eq 23
    access-list 110 deny tcp any host $yourDeviceIP eq 79
    ! An access list ends with an implicit deny: it needs permit entries for
    ! the traffic that should pass before it is applied to the interface
    int x0/0
     ip access-group 110 in

Where $yourDeviceIP is your device IP and x0/0 is your external interface. We will always use this convention in this article.

Restrict telnet access to it

Telnet is not a very safe protocol to use, but if you really need to use it (you should always use ssh) you might want to restrict all access to it (remember that all your traffic will be unencrypted). The best way to accomplish that is using a...
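To check a saved configuration against the access-list step above, here is an added example (not code from the original article): a small Python audit that reports, for each port in that step, what the first matching entry of the ACL does, and which interfaces the ACL is applied to inbound. It understands only the entry forms used in this article plus `permit ip any any`; the sample configuration, the address 192.0.2.1 and the interface name are constructed.

```python
import re

# IOS prints well-known TCP ports by keyword in "show running-config".
PORT_NAMES = {"echo": 7, "discard": 9, "daytime": 13,
              "chargen": 19, "telnet": 23, "finger": 79}
STEP_PORTS = (7, 9, 13, 19, 23, 79)  # ports denied in the article's ACL 110
ACE = re.compile(r"access-list (\d+) (deny|permit) (?:tcp|ip) any "
                 r"(?:host (\S+)|any)(?: eq (\S+))?$")
IFACE = re.compile(r"int(?:erface)? (\S+)$")
BIND = re.compile(r"ip access-group (\d+) in$")

def parse(config):
    """Collect ACL entries in order and the interfaces each ACL guards inbound."""
    aces, bound, iface = {}, {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())          # normalise indentation and spacing
        if m := IFACE.match(line):
            iface = m.group(1)
        elif (m := BIND.match(line)) and iface:
            bound.setdefault(m.group(1), []).append(iface)
        elif m := ACE.match(line):
            acl, action, host, tok = m.groups()
            port = None if tok is None else PORT_NAMES.get(
                tok, int(tok) if tok.isdigit() else -1)   # -1: unknown keyword
            aces.setdefault(acl, []).append((action, host, port))
    return aces, bound

def audit(config, acl, device_ip, ports=STEP_PORTS):
    """First-match verdict per port for TCP from any source to device_ip."""
    aces, bound = parse(config)
    verdicts = {}
    for p in ports:
        verdicts[p] = "implicit-deny"         # IOS drops what no entry matches
        for action, host, port in aces.get(acl, []):
            if host in (None, device_ip) and port in (None, p):
                verdicts[p] = action          # first matching entry wins
                break
    return verdicts, bound.get(acl, [])

# Constructed sample: keyword ports, and a permit that shadows the telnet deny.
SAMPLE = """\
access-list 110 deny tcp any host 192.0.2.1 eq echo
access-list 110 permit tcp any host 192.0.2.1 eq telnet
access-list 110 deny tcp any host 192.0.2.1 eq 23
access-list 110 deny tcp any host 192.0.2.1 eq finger
access-list 110 permit ip any any
interface Serial0/0
 ip access-group 110 in
"""
```

Calling `audit(SAMPLE, "110", "192.0.2.1")` shows telnet as permitted because the earlier permit entry is matched first, and an empty interface list in the result means the ACL is defined but not filtering anything.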
