Hardening Cisco Routers (O'Reilly Networking)

The great thing about this book is that you can approach it in either of two ways. If you just want to clamp down on your routers' security weaknesses as soon as possible, you can begin with the checklists at the end of each chapter (each of which focuses on a particular area, like SMTP) or the big one in an appendix, which is comprehensive. These checklists include both "how" and "why" information, as exemplified by "Disable ICMP broadcasts with the no ip directed-broadcast command." If you want more information on the big picture, or want to prepare for a specific kind of attack, read the individual chapters for detailed advice on how to set IOS to behave as you want. --David Wall

Topics covered: Internetwork Operating System (IOS) commands you can use to protect Cisco Systems routers from a variety of attacks. Specialized sections deal with security assessment, auditing, access control, privileges, optional services, and the legal importance of your login banners' contents.

Product Description
As a network administrator, auditor or architect, you know the importance of securing your network and finding security solutions you can implement quickly. This succinct book departs from other security literature by focusing exclusively on ways to secure Cisco routers, rather than the entire network. The rational is simple: If the router protecting a network is exposed to hackers, then so is the network behind it. "Hardening Cisco Routers" is a reference for protecting the protectors. Included are the following topics:

The importance of router security and where routers fit into an overall security plan

Different router configurations for various versions of Cisco's IOS

Standard ways to access a Cisco router and the security implications of each

Password and privilege levels in Cisco routers

Authentication, Authorization, and Accounting (AAA) control

Router warning banner use (as recommended by the FBI)

Unnecessary protocols and services commonly run on Cisco routers

SNMP security

Anti-spoofing

Protocol security for RIP, OSPF, EIGRP, NTP, and BGP

Logging violations

Incident response

Physical security

Written by Thomas Akin, an experienced Certified Information Systems Security Professional (CISSP) and Certified Cisco Academic Instructor (CCAI), the book is well organized, emphasizing practicality and a hands-on approach. At the end of each chapter, Akin includes a Checklist that summarizes the hardening techniques discussed in the chapter. The Checklists help you double-check the configurations you have been instructed to make, and serve as quick references for future security procedures.

Concise and to the point, "HardeningCisco Routers" supplies you with all the tools necessary to turn a potential vulnerability into a strength. In an area that is otherwise poorly documented, this is the one book that will help you make your Cisco routers rock solid.