CHAPTER 3
Defending the Perimeter
In addition to Cisco firewall, virtual private network (VPN), and intrusion prevention
system (IPS) appliances that can sit at the perimeter of a network, Cisco IOS routers offer
perimeter-based security. For example, the Cisco Integrated Services Routers (ISR) can be
equipped to provide high-performance security features, including firewall, VPN
termination, and IPS, in addition to other services such as voice and quality of service
(QoS). This chapter introduces various ISR models.
Because perimeter routers can be attractive targets for attack, they should be configured to
secure administrative access. Therefore, this chapter also discusses specific approaches to
“harden” administrative access to ISRs.
Configuring advanced ISR router features can be a complex process. Fortunately, many
modern Cisco routers can be configured using the graphical Cisco Security Device
Manager (SDM) interface. SDM contains multiple wizard-like configuration utilities,
which are introduced in this chapter.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this
chapter’s topics before you begin. Table 3-1 details the major topics discussed in this
chapter and their corresponding quiz questions.
Table 3-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section                                  Questions
ISR Overview and Providing Secure Administrative Access    1 to 10
Cisco Security Device Manager Overview                     11 to 13