Hi,

I would suggest you the following links. These has everything that you can configure your perimeter router to secure it.

http://www.cisco.com/en/US/tech/tk583/tk385/technologies_white_paper09186a0080174a5b.shtml

http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutions_white_paper09186a008009c8ad.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a0080094111.shtml

Thanks,

Mynul

I recently created a freeware script (available at http://hotunix.com/tools/) for checking Cisco config security:

"CCSAT (Cisco Configuration Security Auditing Tool) is a script to allow automated review of configuration security of large numbers of Cisco routers and switches. The tool is based upon industry best practices including Cisco, NSA and SANS security guides and recommendations. It is flexible and can report details down to individual device interfaces, lines, ACL's, AS's, etc."

Your comments and feedback are highly welcome! :)

http://www.cisecurity.org/bench_cisco.html

Is a good tool for auditing configurations.

ACLs on routers can be tricky - if it is not a stateful firewall, it is easy to break things. At a minimum though, you can block outbound all traffic with source ip addresses that you don't use.

Those particular MS ports should be blocked in and outbound, but a general rule is that you should block *everything* outbound that is not specifically permitted.