The following section is intended to give you an overview of the features that need to be deployed to ensure a secure infrastructure. It is beyond the scope of this book to provide an in-depth understanding of each feature. You should refer to the appropriate switch/router documentation for specific details. The National Security Agency (NSA) has a guide to securing routers that would be a good place to start (http://www.nsa.gov/snac/routers/ cisco_scg-1.1b.pdf).
You can secure the host-chassis in several ways, including the following:
• Controlling Physical Access
• Being Mindful of Environmental Considerations
• Controlling Management Access
• Disabling Unnecessary Services
• Controlling Access Using Port-Based Security
• Controlling Spanning Tree
• Leveraging Access Control Lists
• Securing Layer 3
• Leveraging Control Plane Policing
• Protecting a Network Using Quality of Service
Was this article helpful?