05-08-2019 10:18 AM - edited 05-08-2019 10:37 AM
i have a CPE router (Cisco LSR 4000 series)and i will be configure it, i also have a firewall that sits after the CPE that will handle everything
the CPE will be only connecting my network to the ISP
my question is do i have to do anything related to secure this router? except for the passwords
05-08-2019 10:58 AM
Hi,
You should still secure the router, with VTY ACL to restrict access to the router, SNMP, Syslog, Banner, AAA, Routing protocol authentication and general device hardening etc. The Cisco IOS device hardening guide has more information.
HTH
05-08-2019 11:06 AM
thanks!
05-08-2019 11:12 AM
wow this is a lot
do i need to everything in this guide ? is there a short way or list of commands to do it? i dont think i have enough time until the day of switching the router
it would be great if u provide me with short way :)
best
05-08-2019 11:27 AM
05-08-2019 11:30 AM
05-08-2019 11:38 AM
05-08-2019 11:43 AM
05-08-2019 11:47 AM
05-08-2019 11:51 AM - edited 05-08-2019 12:08 PM
so nothing left for me to configure except for
-disabling telnet and enabling SSH with ACL
-create strong passwords for acceding global, vty,...etc
-set passwords lockout time
-banners
-disable icmp
what about DDoS? i have web servers on premises but they are behind the firewall do i still need to disable ICMP from outside?
05-08-2019 12:11 PM
05-08-2019 12:14 PM
05-08-2019 12:22 PM
05-08-2019 12:26 PM
05-08-2019 12:31 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide