I have logging enabled on the router as shown:
logging trap notifications
logging facility local6
logging source-interface Loopback0
logging 10.1.190.8
where "10.1.190.8" is my syslog server. This sends most log messages (those with severity "notification" or higher).
ACL logging happens by appending "log" to the entry. So,
"access-list 101 deny ip 10.0.0.0 0.255.255.255 any log"
would deny access from anything in the 10.x network and log the offending entry to the log server shown above.
Linux has syslog built in. For Windows you can use Kiwi (
I use Linux, so I also use LogDog (
to take action based upon log events. Kiwi has a similar text-matching ability.
Some of the things that I watch are telnet access to key routers, the execution of a "config" command, and spoofing attempts. It's a start.
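The post above describes three things worth watching in router syslog output (ACL denies, telnet logins, and config changes) and a trap level that decides which messages reach the server. Below is an added example (written for this page, not code from the original poster, Kiwi or LogDog) that parses a handful of constructed lines modelled on Cisco IOS message formats and classifies them the way a LogDog or Kiwi rule set would. The sample lines, the assumption that 10.0.0.0/8 is the internal range (which ACL 101 above implies), and the `scan`/`classify` helper names are all mine. IOS emits `IPACCESSLOGP` messages at severity 6 (informational), so the example also checks each event against the configured trap level, which is the first thing to verify when an expected ACL hit never shows up at the server.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple, List

# Syslog severity names in IOS order: 0 = emergencies ... 7 = debugging.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Assumption: 10.0.0.0/8 is the internal range the post's ACL 101 protects.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample lines modelled on Cisco IOS message formats.
# PRI = facility*8 + severity; local6 is facility 22, so <181> is local6/notice.
SAMPLE_LOG = """\
<182>Mar  3 10:15:01 rtr1 123: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.4.5.6(40123) -> 10.1.190.8(514), 1 packet
<181>Mar  3 10:15:02 rtr1 124: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.1.190.50] [localport: 23] at 10:15:02 UTC Mon Mar 3 2003
<181>Mar  3 10:15:30 rtr1 125: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.190.50)
<182>Mar  3 10:16:00 rtr1 126: %SEC-6-IPACCESSLOGP: list 101 denied tcp 172.16.9.9(5555) -> 10.1.190.1(80), 1 packet
<179>Mar  3 10:16:05 rtr1 127: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""

PRI_RE = re.compile(r"^<(\d{1,3})>")
MNEMONIC_RE = re.compile(r"%([A-Z_]+)-(\d)-([A-Z_]+): (.*)$")
ACL_RE = re.compile(r"list (\S+) (permitted|denied) (\w+) (\d+\.\d+\.\d+\.\d+)"
                    r"(?:\((\d+)\))? -> (\d+\.\d+\.\d+\.\d+)(?:\((\d+)\))?")
USER_RE = re.compile(r"\[user: ([^\]]+)\]")
SRC_RE = re.compile(r"\[Source: ([\d.]+)\]")
LOCALPORT_RE = re.compile(r"\[localport: (\d+)\]")
ACL_KIND = {"permitted": "acl-permit", "denied": "acl-deny"}


@dataclass
class Event:
    kind: str       # what the line means to a watcher
    severity: int   # syslog severity taken from the PRI field
    detail: str     # human-readable summary for the alert


def parse_pri(line: str) -> Tuple[Optional[int], Optional[int]]:
    """Split the <PRI> prefix into (facility, severity); (None, None) if absent."""
    m = PRI_RE.match(line)
    if m is None:
        return None, None
    pri = int(m.group(1))
    return pri // 8, pri % 8


def forwarded_at(severity: int, trap_level: int) -> bool:
    """'logging trap <level>' sends messages whose severity number is <= level."""
    return severity <= trap_level


def classify(line: str) -> Optional[Event]:
    """Map one IOS syslog line to an Event, or None if it is not of interest."""
    _, sev = parse_pri(line)
    m = MNEMONIC_RE.search(line)
    if m is None or sev is None:
        return None
    _, _, mnemonic, body = m.groups()

    if mnemonic.startswith("IPACCESSLOG"):          # ACL entry with the 'log' keyword
        a = ACL_RE.search(body)
        if a is None:
            return None
        acl, action, proto, src, sport, dst, dport = a.groups()
        kind = ACL_KIND[action]
        # A denied packet claiming an internal source is the spoof case ACL 101 targets.
        if action == "denied" and ipaddress.ip_address(src) in INTERNAL_NET:
            kind = "acl-deny-spoofed-internal"
        detail = f"list {acl} {action} {proto} {src}:{sport or '-'} -> {dst}:{dport or '-'}"
        return Event(kind, sev, detail)

    if mnemonic == "LOGIN_SUCCESS":                  # watch telnet (local port 23) logins
        port = LOCALPORT_RE.search(body)
        if port and port.group(1) == "23":
            user = USER_RE.search(body)
            src = SRC_RE.search(body)
            detail = f"telnet login user={user.group(1) if user else '?'} from={src.group(1) if src else '?'}"
            return Event("telnet-login", sev, detail)
        return None

    if mnemonic == "CONFIG_I":                       # someone entered configuration mode
        return Event("config-change", sev, body)

    return None


def scan(text: str, trap_level: int = 5) -> Tuple[List[Event], List[Event]]:
    """Return (delivered, suppressed): interesting events that clear the trap
    level versus those the router would never send at that setting."""
    delivered: List[Event] = []
    suppressed: List[Event] = []
    for line in text.splitlines():
        ev = classify(line)
        if ev is None:
            continue
        (delivered if forwarded_at(ev.severity, trap_level) else suppressed).append(ev)
    return delivered, suppressed


if __name__ == "__main__":
    for label, events in zip(("delivered", "suppressed"), scan(SAMPLE_LOG, trap_level=5)):
        for ev in events:
            print(f"{label:10} {SEVERITIES[ev.severity]:14} {ev.kind:28} {ev.detail}")
```

Run against the constructed sample with trap level 5 (notifications), the telnet login and config change are delivered while both ACL denies land in the suppressed list; raising the trap level to 6 (informational) delivers all four.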