[c-nsp] Feedback on: Security Advice for Routers and Switches

Matthew Lange mmlange at gmail.com
Sun May 6 11:27:18 EDT 2007


Joel--
You might also consider adding the following:
* Run your configuration through the Router Auditing Tool[1], from CIS.
  This tool audits the configuration against the NSA's Router
  Configuration Guide[2].
* Implement blackhole routing on the Internet interface, using the Bogon
  list[3]
* Implement control-plane policing to prevent a DoS of the control-plane[4]
* Implement a process to upgrade IOS regularly and patch frequently

Otherwise, your presentation looks great.

Matt


[1] http://www.cisecurity.org/bench_cisco.html
[2] http://www.nsa.gov/snac/downloads_all.cfm
[3] http://www.cymru.com/Documents/bogon-list.html
[4] http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a008052446b.html


> Folks:
>
> I got asked yesterday to write a 45 minute lecture--due Monday!--on how to
> increase security of your network with Cisco routers and switches.
>
> I threw some slides together and would welcome any feedback.  My slides
> are due on Monday, so if you want to dive in and take a look, Sunday
> would be the day.
>
> Of course you can't tell exactly what's going on by just looking at the
> slides (for example, there's a lot of jumping back and forth between
> switches and routers), but you can get the gist...
>
> Here's the draft document:
> 	http://www.opus1.com/www/whitepapers/securityroutersswitches.pdf
>
> Any and all feedback is welcome!
>
> Thanks,
>
> jms
>
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Senior Partner, Opus One       Phone: +1 520 324 0494
> jms at Opus1.COM                http://www.opus1.com/jms
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
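
Added example, not part of the original thread: one way to check a saved IOS configuration for the blackhole routes suggested in the reply above. The prefix list is an assumption (a handful of special-use IPv4 ranges standing in for the full bogon list[3]), and the sample configuration is constructed.

```python
import ipaddress
import re

# Assumption: a few special-use IPv4 ranges that should never arrive from the
# Internet. This stands in for the full bogon list referenced in the thread.
SPECIAL_USE = [
    "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
]

# Matches IOS static routes whose next hop is the Null0 interface.
NULL_ROUTE = re.compile(
    r"^\s*ip route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) Null\s?0\b",
    re.IGNORECASE | re.MULTILINE,
)

def null_routes(config):
    """Return the networks that the configuration routes to Null0."""
    nets = []
    for prefix, mask in NULL_ROUTE.findall(config):
        try:
            nets.append(ipaddress.ip_network(f"{prefix}/{mask}"))
        except ValueError:
            continue  # host bits set or invalid mask: not a usable route
    return nets

def missing_blackholes(config, wanted=SPECIAL_USE):
    """Return the wanted prefixes that no Null0 route fully covers."""
    routes = null_routes(config)
    missing = []
    for cidr in wanted:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(r) for r in routes):
            missing.append(cidr)
    return missing

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge1
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.255.0 Null0
ip route 192.0.2.0 255.255.255.0 192.0.2.1
"""

if __name__ == "__main__":
    for cidr in missing_blackholes(SAMPLE_CONFIG):
        print("no Null0 route covers", cidr)
```

In the sample, the 192.168.0.0 route is reported because its /24 mask covers only part of 192.168.0.0/16, and the 192.0.2.0 route is reported because it points at a next hop rather than Null0.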



