Cisco 7613 router

asw_25
Level 1

Hi,

What are the possible ways to access/configure a router other than CLI?


balaji.bandi
Hall of Fame

Cisco is one of the good products that has stayed in the market for decades; in those days CLI was the only way to configure.

(CLI - SSH and Console).

 

BB


Joseph W. Doherty
Hall of Fame

A GUI, if supported by the device.  (Unsure a 7613 supports such, as it's considered a "pro's" level [i.e. large Enterprise or SP] device.)

SNMP can also often reconfigure a device too; your 7613 should support that.

We wanted to check whether any malicious attempts can be made by anyone to our router via any other method bypassing local user/TACACS user. Some suspicious activity is happening in our network, but it's not logged anywhere.

SSH/Telnet, Console, SNMP, compact flash, Smart Install.

SSH/Telnet/console access is via ISE and SNMP RW is also blocked. Are there any other ways that outsiders may come remotely?


@asw_25 wrote:
Are there any other ways that outsiders may come remotely?

Yes.  There are a lot. 

SNMP is the easiest because there are a lot of security vulnerabilities that a lot of operators conveniently ignore.

Smart Install is next.  This was demonstrated when a hacker used Smart Install against an Iranian power plant several years ago.

You keep saying "we block SNMP".  Without even telling us what the platform is, who cares?  There are many security vulnerabilities that Cisco publishes regularly.  Some of which have elevated privileges without any authentication.  Read that carefully: "elevated privileges without any authentication".

If you have a backup of the configuration, perform a config difference between the backup config and the latest config.  

And hire an IT Security Officer.

By the way, have you seen the output of the command "sh history all"?

I do not have much experience with the 7613, but I believe that it does have options for an http server and for an https server. If these are enabled (which I believe is the default) then access might be possible. My impression is that this GUI is not fully functional, but might allow some changes to be made. Check your config and if these are enabled then change the config to disable them. If you are not sure, post the output of show run | include http.

Depending on how it is configured it is possible that SNMP could make config changes. Check your config for how SNMP is configured (or post the output of show run | include snmp).

HTH

Rick
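The backup-versus-current comparison and the HTTP/SNMP checks suggested in the replies above can be combined offline. The following is an added example, not code from any poster or from Cisco: it diffs two saved configurations and tags changed lines that touch management access. The watch patterns, function names and both sample configs are assumptions constructed for illustration.

```python
import difflib
import re

# Management-plane statements raised in this thread. The pattern list is this
# example's assumption, not an exhaustive or vendor-supplied set.
WATCH = [
    (r"(no )?ip http (secure-)?server", "http(s) server"),
    (r"(no )?snmp-server community", "snmp community"),
    (r"(no )?vstack", "smart install"),
    (r"(no )?username ", "local user"),
    (r"(no )?(aaa |tacacs)", "aaa/tacacs"),
    (r"(no )?(access-class|transport input)", "vty access"),
    (r"(no )?logging ", "logging"),
]
VOLATILE = ("Building configuration", "Current configuration", "ntp clock-period")

def normalize(text):
    """Drop blank lines, '!' separators and lines that change on every save."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("!") and not l.startswith(VOLATILE)]

def config_changes(baseline, current):
    """Return (sign, line, tag) per added/removed line; tag is None if unwatched."""
    changes = []
    for d in difflib.ndiff(normalize(baseline), normalize(current)):
        sign, line = d[0], d[2:]
        if sign in ("+", "-"):  # skip unchanged lines and ndiff '?' hint lines
            tag = next((t for p, t in WATCH if re.match(p, line)), None)
            changes.append((sign, line, tag))
    return changes

# Constructed sample configs (not taken from the router in this thread).
BASELINE = """no ip http server
no ip http secure-server
snmp-server community CONSTRUCTED-RO RO
line vty 0 4
 access-class 10 in
 transport input ssh
"""
CURRENT = """no ip http server
no ip http secure-server
snmp-server community CONSTRUCTED-RO RO
snmp-server community CONSTRUCTED-RW RW
username constructed-user privilege 15 secret 0 CONSTRUCTED
line vty 0 4
 transport input ssh telnet
"""

if __name__ == "__main__":
    for sign, line, tag in config_changes(BASELINE, CURRENT):
        print(sign, line, f"<-- review: {tag}" if tag else "")
```

Untagged lines in the output are still changes and need review; the tags only mark the lines that affect how the device can be reached or administered.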

We have both "no ip http" and "no ip http secure-server" in the running config. And SNMP RW is also not there. Only an SNMP RO community string exists.

Ah, dealing with "malicious attempts" is a somewhat different issue from what your OP was inferring (?), i.e. normal/usual/legitimate access methods.

From your later posts, it seems you've taken the "usual" steps to secure your device, but as @Leo Laohoo notes, illegitimate access might be via some security vulnerability.  The latter, though, come in two major groups: those known, with two subgroups, there's a "fix" or "no fix" (yet), and those unknown (e.g. like zero day exploits).

For known but no fix security vulnerabilities or unknown security vulnerabilities, we can sometimes mitigate/preclude both by additional hardening of the device, such as ACLs on all interfaces that block all traffic to the device (itself, i.e. not transit traffic) except for explicitly approved traffic types from known sources.  The latter might even be further controlled by having totally separate infrastructure that carries such traffic to/from the device, i.e. no mixing of this traffic with "ordinary" in-band transit traffic.

The foregoing possibly won't help to identify how whatever is being done that you suspect is being done, but it might block it.  Further, deep analysis into what is happening, if happening, is not a minor undertaking!  It's difficult enough to further harden a device, correctly, and its continued "care and feeding".

asw_25
Level 1

Some config changes we are observing, but it's not getting captured in syslog/ISE.