Routers and switches make up the core of the network infrastructure. Indeed, it's not a stretch to say that routers and switches are the network infrastructure. Consequently, if you want your network infrastructure to be as secure as possible, you have to harden your routers and switches.
This chapter takes a look at hardening routers and switches from two perspectives. First, we will look at how to harden the device itself. Second, we will look at how to use the device to harden the network. I will be covering the following devices/software in this chapter:
IOS C1700 Software (C1700-ADVSECURITYK9-M), version 12.3(3)
IOS 2500 Software (C2500-JK8OS-L), version 12.2(1d)
WS-C5505 Software, version McpSW: 4.5(9) NmpSW: 4.5(9)
IOS C2950 Software (C2950-I6K2L2Q4-M), version 12.1(20)EA1
Catalyst 6500 Series CatOS version 8.2
Although these are all Cisco devices, the concepts and recommendations in this chapter are valid for all vendors. In addition, many of the commands that run on the IOS-based devices will be valid for all vendors that implement an IOS-based CLI.