Chapter Summary
This chapter discussed ways and places in which you can use a router with a deeper purpose than it might have been implemented with. To this end, the chapter examined how you can use a router to prescreen your network as a choke point of entry. The next level was to have the router act as a more advanced packet inspection tool through the use of the Cisco IOS Firewall Feature Set coupled with the intrusion detection feature. Both of these advanced technologies are not a replacement for dedicated devices of the same kind; however, they do offer a higher level of security in your network by adding additional layers of inspection and protection.
Next, the chapter focused on some of the more fundamental methods you can use immediately to secure the router itself. This information was presented in a real router configuration file, thus giving you a point of reference when comparing your router configurations with the suggestions provided here. The chapter concluded with an introduction to securing the routing updates within your network and the best practice methods to do so.
You can find additional resources on security at the following locations:
• “Increasing security on IP Networks”: An old but essential document on some of the essentials to security and IP-based networks: www.cisco.com/en/US/docs/internetworking/case/studies/cs003.html.
• Cisco Security Intelligence Operations: An online list at the Cisco website of all its security advisories, including tutorials and details about how to protect yourself from some of the worst vulnerabilities on the Internet today (Cisco.com account required for some features) available at http://tools.cisco.com/security/center/home.x.
• The BRST - Border Router Security Tool: A web-based utility for generating secure configuration files for Cisco routers in a border configuration. The administrator fills out a web form, clicks submit, and receives a router config file: http://sourceforge.net/projects/borderroutersec// or if you want to try it out already on a web server for you.
• BRST - Border Router Security Tool Questionnaire: A web-based utility for generating a secure configuration for Cisco routers. It is primarily designed to be used for border routers in small to medium-sized companies but the concepts can be applied to larger internal routing infrastructures: http://borderroutersec.sourceforge.net/.