Harden internet router

Unanswered Question

Hi,

I want to harden my internet router.

Any link on this?


I checked a few links and found out that RFC 1918, 3380 addresses are to be blocked on the external int.


There is one entry like

access-list 101 deny ip host 0.0.0.0 any

&

access-list 101 deny ip host 255.255.255.255 any


What is this host in the command? My internet router or something else? What should I use here?

And how will these ACLs work?


Reg,

Sushil

Jon Marshall Mon, 03/02/2009 - 02:39
Sushil


host 0.0.0.0 & host 255.255.255.255 are host addresses you should never see so you are safe to deny them.


There are some very good papers on hardening devices, have a look at these two


1) Cisco document on hardening routers


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml


2) A non-Cisco doc from the sans.org website.


http://www.sans.org/reading_room/whitepapers/firewalls/cisco_router_hardening_stepbystep_794?show=794.php&cat=firewalls


Jon
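
How the `host` keyword and first-match evaluation behave in the ACL lines discussed above, as an added example (not part of any post in this thread, and not Cisco code): a small Python model of a numbered extended IP ACL. The RFC 1918 and final permit lines, the destination 203.0.113.10 used when calling it, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ACL, inbound on the external interface. The two host lines are
# from the thread; the RFC 1918 and final permit lines are illustrative assumptions.
ACL_101 = """\
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_spec(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":                      # any    == 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if word == "host":                     # host A == A 0.0.0.0 (exact match)
        return _to_int(tokens.pop(0)), 0
    return _to_int(word), _to_int(tokens.pop(0))   # address + wildcard mask

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        action, rest = tokens[2], tokens[4:]
        rules.append((action, _take_spec(rest), _take_spec(rest)))  # source, then destination
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # a wildcard bit of 1 means "don't care"
    return (_to_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching line wins; a packet matching no line is denied."""
    for number, (action, src_spec, dst_spec) in enumerate(rules, start=1):
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action, number
    return "deny", None                    # implicit deny at the end of every ACL
```

Calling `evaluate(parse_acl(ACL_101), source, "203.0.113.10")` returns the action and the number of the line that matched. In these lines `host` refers to the packet's source address field, matched exactly, and not to the router itself.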

Leo Laohoo Mon, 03/02/2009 - 13:56

Hey Jon,


Thanks for the link. Check out this proviso: "Reposting is not permitted without express written permission."


He he he ...

ronald.ramzy Mon, 03/02/2009 - 22:03
Hi,


Can someone help on how to harden or secure a switch which is connected to the Internet?


Multiple ISP links are terminated on the switch...
