Imagine you are part of a team that will develop and impleme

Imagine you are part of a team that will develop and implement security policies and procedures for the Cisco routers and switches within the business. How will this be done? Include the following in your response: The access to those devices must be limited to only specific network administrators. Include policies and procedures that should be in place to handle accounts for temporary employees. This includes using generic accounts.

Solution

Best practices to secure your routers, your network, and your company from malicious attacks are given below-
1. Understand the basics of router security
You must understand the basics of router security. Here are the essentials:
a-Physically secure the routers
If your routers are not physically secured, anyone can walk up, perform a password reset, and gain full access to that router\'s configuration. Even if this isn\'t a core router, they could take down your network by poisoning the routing tables on all routers. For this reason, routers should be in a locked room and preferably have video surveillance. Additionally, reliable electrical power and cooling must be provided.
b-Lock down the router with passwords
Routers must be secured with passwords at both the login mode (to prevent initial access) and the privileged mode (to prevent configuration changes).
c-Apply login mode passwords on Console, AUX, and VTY (telnet/ssh) interfaces
Password controlled access needs not only to be on the VTY lines to prevent network access, but also on the Console and AUX ports. If the Console port is locked but the AUX port doesn\'t have a password, then locking the Console wasn\'t of much use, was it?

2. Know your network: Diagram, audit, and document
You should diagram your network so that you have a map to help you and others visualize the entire network.you should periodically audit your network security, both internally and externally (via a third party).
3. Protect your router with a firewall and ACLs
ACLs aren\'t just used to prevent traffic from going through the router. They are also used to control SSH traffic, routing update, and to throttle traffic.
Protect your network with the Cisco IOS Firewall,\" and consider implementing one on your routers.
4. Change your passwords and make them complex
Another method that hackers use to take control of networks is password guessing or password sniffing. To prevent this, you should CHANGE YOUR PASSWORDS TO COMPLEX PASSWORDS TODAY
5. Always encrypt sensitive network traffic
You should always encrypt sensitive network traffic by using SSH and SNMP encryption. Start by enabling SSH and disable telnet to all network devices that support it.
6. No local user accounts are configured on the router. Routers and switches must use TACACS+ for all user authentication.
7. The following services should be disabled unless a business justification is provided: a. Cisco discovery protocol and other discovery protocols b. Dynamic trunking c. Scripting environments, such as the TCL shell.
8.The router must be included in the corporate enterprise management system with a designated point of contact.