Home page logo
/

basics logo Security Basics mailing list archives

RE: Locking Cisco Router
From: David Alejandro Hernandez Alonso <david.hernandez () corp terralycos com>
Date: Wed, 27 Nov 2002 09:48:28 -0600


Theres a great cisco document called "Essential IOS Consideration Every ISP
Should Consider" and covers unused services, NTP, security, routing
protocols, ACLs, etc.

You can find it here
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip

Regards!

David Hernandez.


-----Original Message-----
From: d'Ambly, Jeff [mailto:jdambly () monster com]
Sent: Tuesday, November 26, 2002 2:55 PM
To: 'Vachon, Scott'; 'Dozal, Tim'; 'security-basics () securityfocus com'
Subject: RE: Locking Cisco Router 


        I personally don't like the idea of having to pull out the NVRAM. 
        
I would just configure a user mode password for the console and AUX ports.
Any way here are some awesome links on how to secure cisco IOS routers and a
good secure BGP config to boot as well. I would be VERY carefule with these
configs some of the things that it suggests may not fit your network.

http://www.cymru.com/Documents/secure-ios-template.html

http://www.cymru.com/Documents/secure-bgp-template.html


-----Original Message-----
From: Vachon, Scott [mailto:Scott.Vachon () Paymentech com] 
Sent: Tuesday, November 26, 2002 8:44 AM
To: 'Dozal, Tim'; security-basics () securityfocus com
Subject: Locking Cisco Router 

If you have physical access you can still open the box pull the NVRAM
and your back in business.
in response to: What about physically disabling all the external ports ?

If you pull the NVRAM and place it in another router ? Otherwise I don't
understand after you physically disable (remove ) the external ports, how
you could work around it ?

~S~
  
Learn more about Paymentech's payment processing services at
www.paymentech.com
THIS MESSAGE IS CONFIDENTIAL.  This e-mail message and any attachments are
proprietary and confidential information intended only for the use of the
recipient(s) named above.  If you are not the intended recipient, you may
not print, distribute, or copy this message or any attachments.  If you have
received this communication in error, please notify the sender by return
e-mail and delete this message and any attachments from your computer.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault