Router Security Configuration Guide, Version 1.0g, UNCLASSIFIED, page 130

Additional Security Concerns

There are several security issues surrounding upgrades; this section attempts to address them.

First, if you follow the installation procedure outlined above, you transmit a copy of your router configuration to a TFTP server. Because TFTP provides no security, it is critical that you protect the TFTP transaction and server from potential attackers. There are several approaches to doing this, but the simplest is to ensure that the TFTP traffic does not traverse hostile networks. Also, do not leave TFTP enabled on your host; always turn it off immediately after you finish the installation procedure.

Second, whenever you make any kind of backup copy of a router configuration, you may be exposing your encrypted passwords to disclosure. The simplest approach to mitigating this risk is to change the enable secret immediately after installation (see Section 4.1).

Third, many default settings differ between various IOS releases. Some of these settings can affect your router’s security. Also, some newer versions offer services not present in older versions.

4.5.6. Diagnosing and Debugging Router Operation

Effective logging and SNMP help an administrator to stay aware of their routers’ status and operational condition. When a problem occurs, or when a network is under attack, Cisco IOS diagnostic and debug facilities can be used to get vital information, identify sources and causes, and validate repairs. Techniques for troubleshooting and debugging routers could (and do) fill entire books. This short sub-section describes some of the most useful techniques for IOS 11.3 and 12.0. The techniques fall into three groups:

• Router status and configuration commands – These commands display information about the settings and tables held by the router; some of this information is global to the whole router, and some is particular to each interface.

• Router throughput and traffic commands – Each interface, and some other facilities, keep input/output statistics. There are IOS commands to display these statistics that can be used to detect problems.

• Debugging commands – Virtually every IOS facility and protocol has associated debugging commands, and they offer a great deal of visibility into the operation of the
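For the backup-copy concern under Additional Security Concerns above, an added example that is not part of the original guide: this Python script lists the credential-bearing lines in a saved IOS configuration and how each secret is stored, without echoing the secret itself. The sample configuration, its names and its secret values are constructed placeholders, and the patterns assume the backup uses the common IOS credential line forms shown.

```python
import re

# IOS configuration lines that carry credentials. The optional digit is the
# storage type: 5 = salted MD5 hash, 7 = reversible obfuscation,
# 0 or absent = clear text.
_TAIL = r"(?:(?P<type>\d) )?(?P<value>\S+)"
CREDENTIAL_PATTERNS = [
    ("enable secret", re.compile(r"^\s*enable secret " + _TAIL)),
    ("enable password", re.compile(r"^\s*enable password " + _TAIL)),
    ("username", re.compile(r"^\s*username \S+ .*?\b(?:password|secret) " + _TAIL)),
    ("line password", re.compile(r"^\s*password " + _TAIL)),
    ("snmp community", re.compile(r"^\s*snmp-server community (?P<value>\S+)")),
]
STORAGE = {"5": "md5-hash", "7": "reversible", "0": "clear-text", None: "clear-text"}

# Constructed sample backup (all names and secret values are placeholders).
SAMPLE_BACKUP = """\
hostname East
enable secret 5 $1$constructed$0000000000000000000000
enable password 7 0000000000
username admin password 7 0000000000
snmp-server community examplestring RO
line vty 0 4
 password examplepass
 login
"""

def audit_backup(config_text):
    """Return (line_number, kind, storage) for each credential-bearing line.

    The secret value itself is never returned, so the report can be shared.
    """
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        for kind, pattern in CREDENTIAL_PATTERNS:
            match = pattern.match(line)
            if match:
                secret_type = match.groupdict().get("type")
                findings.append((number, kind, STORAGE.get(secret_type, "unknown")))
                break
    return findings

def rotate_first(findings):
    """Findings not protected by a hash: rotate these before any others."""
    return [f for f in findings if f[2] != "md5-hash"]

if __name__ == "__main__":
    for number, kind, storage in audit_backup(SAMPLE_BACKUP):
        print(f"line {number}: {kind} stored as {storage}")
```

Every line the script reports is a reason to restrict access to the backup file; a hashed enable secret still appears in the list because the guide treats its disclosure as a risk too.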