Home » Security » How to Secure and Harden Cisco Routers – Security Best Practices

How to Secure and Harden Cisco Routers – Security Best Practices

Cisco Router is controlled thru three management Planes

What is Management Plane – The management plane manages traffic that is sent to the Cisco IOS device and is made up of applications and protocols like SSH

What is Control Plane – The control plane of a network device processes the traffic that is paramount to maintain the functionality of the network infrastructure. The control plane consists of routing protocols and applications

What is Data Plane – The data plane forwards the traffic

below are some of the features that you will need to enable to secure the router

EXEC Timeout:

Always enable the timeouts on the VTY for remote and on Console for local connections by using the following commands

line con 0

exec-timeout <minutes> [seconds]

line vty 0 4

exec-timeout <minutes> [seconds]

CDP:

CDP is a layer two protocol that is used to discover network devices and can be very beneficial for troubleshooting  issues in the network

However, it should always be disabled on the interfaces that are connected to the untrusted network like Internet

ICMP FILTERING:

ICMP is used for discovering networks and troubleshooting – it is a great that comes in very handy for ping hosts and running traces to detect the paths that packet takes , however it can be used to flood the networks – the recommendation is to only allow ICMP from the management networks and block others

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*