From: Jean-Francois Vaillancourt (hans@xxxxxxx)
Date: Sun Jan 13 2002 - 03:52:32 GMT-3
At 2002-01-11, Mic Pressure wrote:
>I am looking for non-Cisco positions papers on improving Cisco router and
>switch security along the same lines as the venerable,
>http://www.cisco.com/warp/public/707/21.html 'Improving Security on Cisco
>Routers'
The ISP doc already mentioned is really very good. If you do only one
thing, be a good net citizen and implement unicast reverse path forwarding
checks where applicable :-)
Also check out:
Secure IOS Template by Rob Thomas
http://www.enteract.com/~robt/Docs/Articles/secure-ios-template.html
It's quite good. I've used it as a starting point to generate access router
security templates along with the Cisco docs already mentioned.
The NSA doc is lots of general fluff, I found. However these are also good,
if slightly dated:
Phrack's "Building Bastion Routers Using Cisco IOS"
http://www.phrack.com/show.php?p=55&a=10
"Designing Network Security" by Merike Kaeo -- Cisco Press
SANS's Cisco Anti-Spoof Egress Filtering
http://www.sans.org/dosstep/cisco_spoof.htm
Cheers,
JF
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:26 GMT-3