Solved: What are you doing for edge security?

Bob Greer · ‎01-30-2014

Hi there,

Thanks for reading.

I'm seeing that my edge routers are terminating remote ssh sessions coming from overseas.

There's internal talk of an IPS system this year but no movement (quotes, POs).

What are some of the things you're doing for edge security?

Thanks!

Bob

John Blakley · ‎01-30-2014

If you're concerned about traffic to your router, you need to look into control plane security (CoPP)

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

If you're concerned with traffic going through the router, acls, ZBFW or CBAC can control what goes through it, and you should disable unused services on the router.

You can view what ports are listening with "show control-plane hosts open".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎01-30-2014

If you're concerned about traffic to your router, you need to look into control plane security (CoPP)

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

If you're concerned with traffic going through the router, acls, ZBFW or CBAC can control what goes through it, and you should disable unused services on the router.

You can view what ports are listening with "show control-plane hosts open".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Collin Clark · ‎01-30-2014

https://supportforums.cisco.com/docs/DOC-39394

aftabsiddiqui · ‎01-30-2014

You should take a look at the following link by TeamCymru. Its kind of best operating procedure in many cases.

http://www.cymru.com/Documents/secure-ios-template.html