Secure Perimeter Router can be in many forms. It will help to protect internal resources. It basically acts as a first line defense against security threats. We can secure the perimeter router by limiting the number of failed login attempts by typing this command “security authentication failure rate 5 log”. This will help to prevent hacker that uses brute-force method to hack through the router. We can also secure our password by typing this command “service password-encryption” to convert plain text to encrypt password. Another way to secure the router is by setting a login inactivity timer. For instance, if an administrator provides appropriate information and logs into the router, the router could become vulnerable to attack if the administrator walks away.
We can also disable unused router interfaces that it not in use. Here are some typically unused services which are BOOTP, CDP, FTP, configuration autoloading, TCP and UDP minor services etc. Despite that, we can also disable those management protocols that include SNMP, HTTP or HTTPS and also DNS. This will help to prevent hacker from using other ports to get access into the router or other devices. By disabling feature like ICMP and IP source routing will help preventing re-directing your traffic. Finger, ICMP unreachable and ICMP mask reply are techniques for probes and scans which may helps to prevent reconnaissance attacks.
Reference: http://cdn.ttgtmedia.com/searchSecurityChannel/downloads/CCNA_Security_Official_Exam_Certification_Guide_1587202204_ch03.pdf
Reference: http://cdn.ttgtmedia.com/searchSecurityChannel/downloads/CCNA_Security_Official_Exam_Certification_Guide_1587202204_ch03.pdf
No comments:
Post a Comment