Summary

This chapter covers the concept of securing the most common elements of today's networks IOS-based routers and switches. The chapter prepares the Netadmins for the following tasks:

Improving password security for IOS devices
Detecting and turning off unneeded services and features on IOS devices
Discovering vulnerabilities and configuration errors in IOS devices
Configuring IOS devices in accordance with industry best practices
Configuring CatOS switches in accordance with industry best practices

Table 8-3 lists the tools that are relevant to securing Cisco routers and switches.

Table 8-3. List of Device Security Tools
Tool	Function	Supported OS	URL/Notes
Cain & Abel	IOS password recovery	MS-Windows NT, 2000, XP	http://www.oxid.it
GetPass	IOS password recovery (Type 7 only)	MS-Windows NT, 2000, XP	http://www.boson.com
Nmap	Port scanning and OS detection	Linux, MS-Windows	http://www.nmap.org
Nessus	Vulnerability scanning	Linux, MS-Windows	http://www.nessus.org
RAT	Securing IOS devices	Linux, MS-Windows	http://www.cisecurity.org
SDM	Securing IOS devices	MS-Windows (Java-enabled web browser)	http://www.cisco.com/go/sdm
Cisco ISP Essentials	IOS security features and configuration tips based on Cisco TAC's experience; a good source of information		http://www.cisco.com
Cisco IOS Switch/Router Security Configuration Guides	Step-by-step guidelines for securing Cisco routers and switches		http://www.nsa.gov
Best Practices for Catalyst Series Switches Running Cisco IOS Software	Cisco TAC recommended best practices for Cisco Catalyst switches		http://www.cisco.com

Table 8-3. List of Device Security Tools