RE: Locking Cisco Router

From: d'Ambly, Jeff (jdambly@monster.com)
Date: 11/26/02

    From: "d'Ambly, Jeff" <jdambly@monster.com>
    To: "'Vachon, Scott'" <Scott.Vachon@Paymentech.com>, "'Dozal, Tim'" <tdozal@cisco.com>, "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
    Date: Tue, 26 Nov 2002 15:54:55 -0500
    
    

    I personally don't like the idea of having to pull out the NVRAM.
    I would just configure a user mode password for the console and AUX ports.
    Anyway, here are some awesome links on how to secure Cisco IOS routers and a
    good secure BGP config to boot as well. I would be VERY careful with these
    configs; some of the things that it suggests may not fit your network.

    http://www.cymru.com/Documents/secure-ios-template.html

    http://www.cymru.com/Documents/secure-bgp-template.html

    -----Original Message-----
    From: Vachon, Scott [mailto:Scott.Vachon@Paymentech.com]
    Sent: Tuesday, November 26, 2002 8:44 AM
    To: 'Dozal, Tim'; security-basics@securityfocus.com
    Subject: Locking Cisco Router

    >If you have physical access you can still open the box, pull the NVRAM
    >and you're back in business.
    >in response to: What about physically disabling all the external ports?

    If you pull the NVRAM and place it in another router? Otherwise I don't
    understand, after you physically disable (remove) the external ports, how
    you could work around it?

    ~S~
      


