Theres a great cisco document called "Essential IOS Consideration Every ISP Should Consider" and covers unused services, NTP, security, routing protocols, ACLs, etc.
You can find it here http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip Regards! David Hernandez. -----Original Message----- From: d'Ambly, Jeff [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 2:55 PM To: 'Vachon, Scott'; 'Dozal, Tim'; '[EMAIL PROTECTED]' Subject: RE: Locking Cisco Router I personally don't like the idea of having to pull out the NVRAM. I would just configure a user mode password for the console and AUX ports. Any way here are some awesome links on how to secure cisco IOS routers and a good secure BGP config to boot as well. I would be VERY carefule with these configs some of the things that it suggests may not fit your network. http://www.cymru.com/Documents/secure-ios-template.html http://www.cymru.com/Documents/secure-bgp-template.html -----Original Message----- From: Vachon, Scott [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 8:44 AM To: 'Dozal, Tim'; [EMAIL PROTECTED] Subject: Locking Cisco Router >If you have physical access you can still open the box pull the NVRAM >and your back in business. >in response to: What about physically disabling all the external ports ? If you pull the NVRAM and place it in another router ? Otherwise I don't understand after you physically disable (remove ) the external ports, how you could work around it ? ~S~ Learn more about Paymentech's payment processing services at www.paymentech.com THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.
