Sunday, 6 May 2012

Secure Perimeter Routers & Disable Services & Logging

There are two ways to secure perimeter routers:
Ingress Filtering
Egress Filtering

Ingress Filtering
This is a technique that ensures that incoming packets really come from the network they claim to be from.
For Ingress Filtering to work, the network has to know the IP addresses of each network it is connected to, and it has to know what it will send.

Egress Filtering
This is the practice of monitoring and potentially restricting the outbound flow of information from one network to another.
For Egress Filtering to work, administrative work and a policy change are required whenever a new application needs external network access.

Disable Services


1) Disable bootp Server
bootp is enabled by default. When it is not in use, it should be disabled. You can use the no ip bootp server command in global configuration mode to disable bootp on the routers.

2) Disable DNS lookup
Domain Name System (DNS) lookup is enabled by default on Cisco routers. If it is not being used, it is advisable to disable this feature globally by using the no ip domain-lookup command.
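
An added example, not from the original post: a small Python check that reads a saved running-config and reports whether the two services above are still on and whether the outside interface has an ACL applied in each direction, which is the usual way ingress and egress filtering are enforced on a router. The sample config, interface names and ACL names are constructed, and a missing "no" line is treated as enabled because both services are described above as on by default.

```python
import re

# Constructed sample running-config (not from a real device); interface names,
# ACL names and addresses are assumptions for illustration.
SAMPLE_CONFIG = """\
no ip bootp server
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip access-group INGRESS-IN in
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
"""

def service_disabled(lines, pattern):
    # Both services are on by default, so only an explicit "no ..." line
    # counts as disabled; a missing line means the default still applies.
    return any(re.fullmatch(r"no " + pattern, line) for line in lines)

def acl_directions(config, interface):
    """Return the directions ('in'/'out') with an ACL applied on interface."""
    dirs, current = set(), None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
        elif not raw.startswith(" "):
            current = None  # any unindented line ends the interface block
        elif current == interface:
            m = re.fullmatch(r"ip access-group \S+ (in|out)", raw.strip())
            if m:
                dirs.add(m.group(1))
    return dirs

def audit(config, outside_if):
    """Return a list of findings for the services and filters discussed above."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if not service_disabled(lines, r"ip bootp server"):
        findings.append("bootp server enabled (add: no ip bootp server)")
    if not service_disabled(lines, r"ip domain[- ]lookup"):  # old and new syntax
        findings.append("DNS lookup enabled (add: no ip domain-lookup)")
    dirs = acl_directions(config, outside_if)
    if "in" not in dirs:
        findings.append(f"no inbound ACL on {outside_if} (ingress filtering)")
    if "out" not in dirs:
        findings.append(f"no outbound ACL on {outside_if} (egress filtering)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, "GigabitEthernet0/0")))
```

The check only confirms that an ACL is attached in each direction; whether its entries actually drop spoofed or unwanted traffic still has to be reviewed by hand.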

Logging


What is logging? It is the process of using a computer to collect data through sensors, analyze the data, and save and output the results of the collection and analysis. It is commonly used in scientific experiments and in monitoring systems where information needs to be collected faster than it could otherwise be collected.

