Introduction Controlling Interactive Access
Enable Secret
Service Password-Encryption
AAA Kerberos Radius Tacacs+ Comparing Radius and Tacacs
Console Port
Aux Port
Virtual Access Telnet SSH HTTP
Warning Banners Logging
Core Dumps
Timestamps
Syslog
NetFlow
Logging Access List Violations
NTP Basic NTP Configuration
SNMP Traps and Management Securing Interior IP Routing
Anti-spoofing Using Access-lists for Anti-spoofing Using CEF and RPF to Check for Spoofing
Eliminating Directed Broadcasts
Access Lists Ingress Access Lists Egress Access Lists Turbo Access Lists
Path Integrity CEF and IP Unicast Verify Reverse-Path IP Source Routing ICMP Redirects Route Authentication Securing Exterior IP Routing
BGP Prefix Lists MD5 Authentication Route Dampening Reverse Path Verification
Black Hole Routes
No IP Unreachables
No IP Proxy-ARP
No IP Redirects
No IP Mask-reply Flood Management
TCP Intercept
Rate Limiting ICMP, UDP, and Multicast
Unicast Verify Reverse Path
SYN Flood Attack
DDoS Attack
Process Table Attack
SMURF Attack
Fraggle Attack
Land Attack
Router Self-protection Unnecessary Services
HTTP
SNMP (see above for traps, etc.)
DHCP
TCP and UDP "Small Services"
Finger
PAD
IP Source Routing
BootP
Domain Lookup
NTP
CDP (arguments pro and con)
TFTP (must be present under some circumstances) Putting It All Together Conclusion Bibliography