| This chapter covers the concept of securing the most common elements of today's networks IOS-based routers and switches. The chapter prepares the Netadmins for the following tasks: Improving password security for IOS devices Detecting and turning off unneeded services and features on IOS devices Discovering vulnerabilities and configuration errors in IOS devices Configuring IOS devices in accordance with industry best practices Configuring CatOS switches in accordance with industry best practices
Table 8-3 lists the tools that are relevant to securing Cisco routers and switches. Table 8-3. List of Device Security ToolsTool | Function | Supported OS | URL/Notes |
|---|
Cain & Abel | IOS password recovery | MS-Windows NT, 2000, XP | http://www.oxid.it | GetPass | IOS password recovery (Type 7 only) | MS-Windows NT, 2000, XP | http://www.boson.com | Nmap | Port scanning and OS detection | Linux, MS-Windows | http://www.nmap.org | Nessus | Vulnerability scanning | Linux, MS-Windows | http://www.nessus.org | RAT | Securing IOS devices | Linux, MS-Windows | http://www.cisecurity.org | SDM | Securing IOS devices | MS-Windows (Java-enabled web browser) | http://www.cisco.com/go/sdm | Cisco ISP Essentials | IOS security features and configuration tips based on Cisco TAC's experience; a good source of information | | http://www.cisco.com | Cisco IOS Switch/Router Security Configuration Guides | Step-by-step guidelines for securing Cisco routers and switches | | http://www.nsa.gov | Best Practices for Catalyst Series Switches Running Cisco IOS Software | Cisco TAC recommended best practices for Cisco Catalyst switches | | http://www.cisco.com |
|