Harden internet router

Unanswered Question

Hi,

I want to harden my internet router.

Any link on this.

I cheked few links and find out that RFC 1918,3380 address to be blocked on externla int.

There is one entry like

access-list 101 deny ip host 0.0.0.0 any

&

access-list 101 deny ip host 255.255.255.255.any.

What is this host in the command.My internet router or something else.What should I use here..

And how these acl will work?

Reg,

Sushil

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jon Marshall Mon, 03/02/2009 - 02:39

Sushil

host 0.0.0.0 & host 255.255.255.255 are host addresses you should never see so you are safe to deny them.

There are some very good papers on hardening devices, have a look at these two

1) Cisco document on hardening routers

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

2) A non-Cisco doc from the sans.org website.

http://www.sans.org/reading_room/whitepapers/firewalls/cisco_router_hardening_stepbystep_794?show=794.php&cat=firewalls

Jon

ronald.ramzy Mon, 03/02/2009 - 22:03

Hi,

Can Someone help on how to harden or secure Switch which is connected to Internet.

Multiple ISP links are terminated on the switch...

Actions

This Discussion