Hardening Cisco routers
As a network administrator, auditor or architect, you know the importance of securing your network and finding security solutions you can implement quickly. This succinct book departs from other security literature by focusing exclusively on ways to secure Cisco routers, rather than the entire net...
| Autor principal: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Beijing ; Sebastopol, California :
O'Reilly
2002.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627185106719 |
Tabla de Contenidos:
- Hardening Cisco Routers; Audience; Conventions Used in This Book; How to Contact Us; Acknowledgments; 1. Router Security; 1.2. Routers: The Foundation of the Internet; 1.3. What Can Go Wrong; 1.4. What Routers Are at Risk?; 1.5. Moving Forward; 2. IOS Version Security; 2.2. Determining the IOS Version; 2.3. IOS Versions and Vulnerabilities; 2.3.2. IOS Naming Scheme; 2.3.3. Vulnerabilities; 2.4. IOS Security Checklist; 3. Basic Access Control; 3.2. Points of Access; 3.3. Basic Access Control; 3.3.1.2. AUX and VTY passwords; 3.3.1.3. Privileged-level access control
- 3.3.1.4. Local username access control3.3.1.5. TACACS access control; 3.3.1.6. Disabling console, auxiliary, and VTY logins; 3.3.2. TFTP Access; 3.4. Remote Administration; 3.4.2. Dial-up Access; 3.4.3. VTY Access; 3.4.3.2. SSH; 3.4.3.3. Limiting VTY access by IP; 3.4.3.4. Additional VTY settings; 3.4.4. HTTP/Web Access; 3.4.4.2. HTTP authentication; 3.5. Protection with IPSec; 3.5.2. Creating the IPSec Extended ACL; 3.5.3. Creating IPSec Transforms; 3.5.4. Creating the Crypto Map; 3.5.5. Applying the Crypto Map to an Interface; 3.6. Basic Access Control Security Checklist
- 4. Passwords and Privilege Levels4.2. Clear-Text Passwords; 4.3. service password-encryption; 4.4. Enable Security; 4.5. Strong Passwords; 4.6. Keeping Configuration Files Secure; 4.7. Privilege Levels; 4.7.2. Default Privilege Levels; 4.7.3. Privilege-Level Passwords; 4.7.4. Line Privilege Levels; 4.7.5. Username Privilege Levels; 4.7.6. Changing Command Privilege Levels; 4.7.7. Privilege Mode Example; 4.7.8. Recommended Privilege-Level Changes; 4.8. Password Checklist; 5. AAA Access Control; 5.2. Local Authentication; 5.3. TACACS+ Authentication; 5.3.2. HTTP Authentication with TACACS+
- 5.3.3. TACACS+ Authorization5.3.3.2. Command authorization; 5.4. RADIUS Authentication; 5.4.2. HTTP Authentication with RADIUS; 5.4.3. RADIUS Authorization; 5.5. Kerberos Authentication; 5.6. Token-Based Access Control; 5.7. AAA Security Checklist; 6. Warning Banners; 6.2. Example Banner; 6.3. Adding Login Banners; 6.3.2. Login Banner; 6.3.3. AAA Authentication Banner; 6.3.4. EXEC Banner; 6.4. Warning Banner Checklist; 7. Unnecessary Protocols and Services; 7.1.2. ICMP Redirects; 7.1.2.2. ICMP redirects-receiving; 7.1.3. ICMP-Directed Broadcasts; 7.1.4. ICMP Mask Reply
- 7.1.5. ICMP Unreachables7.1.6. ICMP Timestamp and Information Requests; 7.2. Source Routing; 7.3. Small Services; 7.4. Finger; 7.5. HTTP; 7.6. CDP; 7.7. Proxy ARP; 7.8. Miscellaneous; 7.9. SNMP; 7.10. Unnecessary Protocols and Services Checklist; 8. SNMP Security; 8.1.2. SNMP Version 2c; 8.1.3. SNMP Version 3; 8.2. Securing SNMP v1 and v2c; 8.2.1.2. Read-only access; 8.2.1.3. Read/write access; 8.2.2. Disabling SNMP v1 and v2c; 8.2.2.2. Disabling read/write access; 8.2.3. Limiting SNMP v1 and v2c Access by IP; 8.2.3.2. Read/write access; 8.2.4. SNMP Read/Write and TFTP
- 8.2.5. Limiting SNMP v1 and v2c Access with Views
