RE: Locking Cisco Router

["d'Ambly, Jeff" <jdambly () monster com>]

        I personally don't like the idea of having to pull out the NVRAM. 
        
I would just configure a user mode password for the console and AUX ports.
Any way here are some awesome links on how to secure cisco IOS routers and a
good secure BGP config to boot as well. I would be VERY carefule with these
configs some of the things that it suggests may not fit your network.

http://www.cymru.com/Documents/secure-ios-template.html

http://www.cymru.com/Documents/secure-bgp-template.html


-----Original Message-----
From: Vachon, Scott [mailto:Scott.Vachon () Paymentech com] 
Sent: Tuesday, November 26, 2002 8:44 AM
To: 'Dozal, Tim'; security-basics () securityfocus com
Subject: Locking Cisco Router 

> If you have physical access you can still open the box pull the NVRAM
> and your back in business.
> in response to: What about physically disabling all the external ports ?

If you pull the NVRAM and place it in another router ? Otherwise I don't
understand after you physically disable (remove ) the external ports, how
you could work around it ?

~S~
  
Learn more about Paymentech's payment processing services at
www.paymentech.com
THIS MESSAGE IS CONFIDENTIAL.  This e-mail message and any attachments are
proprietary and confidential information intended only for the use of the
recipient(s) named above.  If you are not the intended recipient, you may
not print, distribute, or copy this message or any attachments.  If you have
received this communication in error, please notify the sender by return
e-mail and delete this message and any attachments from your computer.