Slashdot Mirror


8 Steps To Protect Your Cisco Router

Daniel B. Cid writes "I wrote the article '8 steps to Protect your Cisco router' (PDF). This small text gives the reader eight steps (very easy to understand) showing how to minimize your Cisco router exposure by turning off some unused services, applying some access control lists and applying some security options available on it."

1 of 31 comments

  1. Anti-spoofing section by Zocalo · Score: 3, Insightful
    Pretty good primer for all the newbies out there, which is a good thing - we need to create some links and mirrors to get the thing high up on the Google rankings! One thing though; in the anti-spoofing section you might want to add the line:

    access-list 111 deny ip 169.254.0.0 0.0.255.255 any

    which is used for APIPA ("Automatic Private IP Addressing", the serverless "DHCP" thing) which a lot of people overlook. Also, while looking for that I spotted that you have the wrong subnet masks for 172.16.0.0 (it's a /12 not a /16) and 192.168.0.0 (it's a /16, not a /8), so you should have:

    access-list 111 deny ip 172.16.0.0 0.15.255.255 any
    access-list 111 deny ip 192.168.0.0 0.0.255.255 any

    Couldn't see anything else obvious to suggest, but I've only scanned it so far.

    --
    UNIX? They're not even circumcised! Savages!
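
An added example (not part of the comment or of the article): a Python check that converts each `deny ip <address> <wildcard> any` line back into the network it actually matches and compares it with the three ranges named in the comment. The function names are hypothetical, and the sample "before" lines are constructed from the masks the comment describes as wrong.

```python
import ipaddress
import re

# Ranges the comment says the anti-spoofing ACL must deny as source addresses.
EXPECTED = ["172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"]
DENY = re.compile(r"access-list\s+\d+\s+deny\s+ip\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+any")

def corrected(acl_id):
    """Emit one deny line per expected range, with the matching wildcard mask."""
    nets = [ipaddress.ip_network(n) for n in EXPECTED]
    return [f"access-list {acl_id} deny ip {n.network_address} {n.hostmask} any" for n in nets]

def denied_networks(lines):
    """Turn 'deny ip <addr> <wildcard> any' lines into the networks they match."""
    nets = []
    for line in lines:
        m = DENY.search(line)
        if not m:
            continue
        addr, wc = (int(ipaddress.IPv4Address(g)) for g in m.groups())
        if wc & (wc + 1):
            continue  # non-contiguous wildcard: not a plain prefix, skipped here
        # IOS ignores address bits that are set in the wildcard, so clear them.
        nets.append(ipaddress.ip_network((addr & ~wc & 0xFFFFFFFF, 32 - wc.bit_length())))
    return nets

def audit(lines):
    """Classify each expected range as ok, too narrow, too wide or missing."""
    denied = denied_networks(lines)
    result = {}
    for want in map(ipaddress.ip_network, EXPECTED):
        if want in denied:
            result[str(want)] = "ok"
        elif any(want.subnet_of(d) for d in denied):
            result[str(want)] = "too wide"    # also drops legitimate public sources
        elif any(d.subnet_of(want) for d in denied):
            result[str(want)] = "too narrow"  # part of the range is left unfiltered
        else:
            result[str(want)] = "missing"
    return result

# Constructed sample: the two masks the comment describes as wrong.
SAMPLE = [
    "access-list 111 deny ip 172.16.0.0 0.0.255.255 any",
    "access-list 111 deny ip 192.168.0.0 0.255.255.255 any",
]

if __name__ == "__main__":
    for rng, status in audit(SAMPLE).items():
        print(f"{rng:18} {status}")
    print("\n".join(corrected(111)))
```

The /8 wildcard on 192.168.0.0 is reported as too wide because it matches all of 192.0.0.0/8, not just the private range.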