Summary

The router plays a significant role in the security of your network. It can be configured as a role player in defense in depth, helping protect your QoS, defending against DoS attacks, or just taking some of the burden off your existing firewall by handling egress or ingress filtering. Your router might also be acting as your primary firewall, using technologies such as CBAC, NAT, and ACLs. With CBAC, your router might be supporting you as a truly stateful firewall. With NAT, your router might be shielding your addressing scheme from prying eyes and helping protect your network from unsolicited entrance. Finally, with access lists, your router might be defending your network using packet-filtering technology.

In any case, the router performs important security duties and must be sufficiently armored. Be sure to disable unused features and block unused services, use adequate passwording and authentication, secure configuration channels and methods, prevent the propagation of unneeded network information, and use logging to audit your success. Tools such as Cisco's Auto Secure and the Router Audit Tool can assist in the automation of your router hardening. After all, a properly implemented and hardened router is the beginning of a secure network.