- Syslog Protocol (syslog)
- Out-of-band (OOB)
- In-band
- Simple Network Management Protocol (SNMP)
- Secure Shell (SSH) daemon
- Simple Network Time Protocol (SNTP)
- Gratuitous Address Resolution Protocol (GARP)
- AutoSecure

Exam Topics Covered in This Chapter:

- Secure Cisco routers using the SDM Security Audit feature
- Use the One-Step Lockdown feature in SDM to secure a Cisco router
- Secure the Cisco IOS image and configuration file
- Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
- Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

These exam topics are from cisco.com. Check there periodically for the latest exam topics and info.
Secure management and reporting is an integral part of a comprehensive security policy. This chapter outlines some methods to protect the confidentiality of remote sessions to the router, either by encrypting the communication or by ensuring that these remote administrative sessions do not cross the cables of a hostile network. In security terms, we look at methods to separate the data plane from the management plane. We also look at ways to implement reporting in such a way as to guarantee the integrity and confidentiality of the events logged.
In the last chapter, Chapter 3, “Security at the Network Perimeter,” we took a large step toward securing the login system on the IOS router from both access and DoS attacks. We assumed that, because the router was a perimeter device and therefore the first device that an attacker would see as they tried to crack the network, security would start there. We didn’t finish the tasks necessary to completely harden the router against attack, choosing to defer these steps until now. Using an analogy, if our router is a knight that we deploy on the battlements of a fortress to ward against attack, doesn’t it make sense that we equip him with armor so he can protect himself as well? If he is felled by the first arrow that an attacker fires at him, we should rethink our security architecture. To that end, we will look at interactive and automated ways to both audit the router for security vulnerabilities and, more importantly, fix them based on best practices and Cisco’s recommendations.