Securing our Router

uglygrouch asked on
Routers
Hi gang!

We're working on securing a router and frankly we haven't the slightest business doing this, but
when you're small you do what you have to :)

Ok, we're working with our Cisco 1720 and we're using defaults on most things.
Below you'll find our config currently:

<begin snip>
Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname hostname-gw
!
logging buffered 4096 debugging
enable password somepassword
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
ip domain-name customer.com
ip name-server 'nameserver'
ip name-server 'nameserver'
!
isdn switch-type basic-ni
!
!
!
interface Serial0
 description The World
 bandwidth 1544
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 ip address ourIP ourSub
 frame-relay interface-dlci 100
!
interface BRI0
 bandwidth 256
 ip unnumbered FastEthernet0
 encapsulation ppp
 shutdown
 dialer rotary-group 1
 isdn switch-type basic-ni
 isdn spid1 somenumber
 isdn spid2 somenumber
!
interface FastEthernet0
 description To Office FastEthernet
 ip address otherIP otherSUB secondary
 ip address ourIP ourSUB
 speed auto
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer string 1234567890
 dialer string somenumber
 dialer hold-queue 10
 dialer load-threshold 179 either
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname somehostname
 ppp chap password 7 somepassword
 ppp multilink
!
ip nat translation tcp-timeout 600
ip classless
ip route 0.0.0.0 0.0.0.0 someIP
ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
 password somepassword
 login
 transport preferred none
 transport input none
 stopbits 1
line aux 0
 password somepassword
 login
 modem InOut
 transport preferred none
!
line con 0
 password somepassword
 login
 transport preferred none
 transport input none
 stopbits 1
line aux 0
 password somepassword
 login
 modem InOut
 transport preferred none
 transport input all
 stopbits 1
 flowcontrol hardware
line vty 0 4
 password somepassword
 login
 transport preferred none
!
no scheduler allocate
end

</end snip>

As you see, we've got info for a dialer, which isn't used.
And never will be. If we will get better service without its
config we're fine with removing it.

Also, everything is pretty much default except for the IPs and whatnot
and passwords. We don't have any specific blocks for say DoS attacks
and whatnot.
We'd like to be able to say our router is pretty secure so we can
rest at night.

Any help would be appreciated,

UG
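
A lint pass over the kind of config posted above, as an added example that is not part of the original question or its answers: it parses IOS text into global commands and per-line blocks, then flags settings that appear in that config and widen the router's management exposure. The function names, check IDs and the trimmed sample are this example's own.

```python
# Constructed sample: global and line commands trimmed from the config posted above.
SAMPLE = """\
no service password-encryption
service udp-small-servers
service tcp-small-servers
enable password somepassword
ip http server
line aux 0
 transport input all
line vty 0 4
 login
"""

def parse(text):
    """Split IOS text into global commands and {block header: [sub-commands]}."""
    top, blocks, cur = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if cmd in ("", "!"):              # separators close the open block
            cur = None
        elif raw.startswith(" ") and cur:
            blocks[cur].append(cmd)       # indented line belongs to the open block
        else:
            cur = cmd
            top.append(cmd)
            blocks.setdefault(cmd, [])    # repeated headers merge into one block
    return top, blocks

def audit(text):
    """Return (check_id, detail) findings; an empty list means no check fired."""
    top, blocks = parse(text)
    has = lambda prefix: any(c.startswith(prefix) for c in top)
    out = []
    for proto in ("tcp", "udp"):
        if f"service {proto}-small-servers" in top:
            out.append((f"{proto}-small-servers", "echo/chargen/discard/daytime reachable"))
    if "service password-encryption" not in top:
        out.append(("cleartext-passwords", "line passwords readable in the config"))
    if has("enable password") and not has("enable secret"):
        out.append(("enable-password", "use 'enable secret' (hashed) instead"))
    if "ip http server" in top:
        out.append(("http-server", "web management interface enabled"))
    for hdr, subs in blocks.items():
        if hdr.startswith("line vty") and not any(s.startswith("access-class") for s in subs):
            out.append(("vty-no-acl", f"{hdr}: no access-class limiting who can connect"))
        if hdr.startswith("line aux") and "transport input all" in subs:
            out.append(("aux-input-all", f"{hdr}: accepts every inbound protocol"))
    return out
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The checks cover only commands that show up in a saved config; IOS defaults that are not written out are outside what this lint can see.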