Hardening CISCO Devices based on Cryptography and Security Protocols - Part II: Implementation and Evaluation
Faisal Waheed and Maaruf Ali
Abstract: This second part covers the implementation, testing, critical evaluation, conclusion and further study. It concentrates on the implementation details of hardening network devices, covering the hardware and software components, the features of the device operating system, management controls, access-list restrictions and operational configuration, and it verifies by detailed testing and evaluation that neither data nor credentials are stored or transferred in plaintext over the network. It examines the commands used to enable cryptography and encryption-based network protocols in order to meet the essential security requirements. Substantial work is devoted to the command-line details and testing of the border router, secured with cryptography and security protocols. A step-by-step hardening approach is detailed using the commands applied to the proposed network framework’s border router. Encrypted services coupled with best-practice configurations are explained and tested in an emulated environment. Protocol analysers, the audit feature of Cisco Configuration Professional and penetration-testing tools corroborated the success of the project.
Keywords: AAA; ACL; APT; ASA; CEF; Control Plane; Cryptography; DDoS; DES; DMVPN; DMZ; DoS; Data Plane; EIGRP; GRE; Hardening CISCO Devices; HSRP; ICMP; IDS; IKE; IOS; IPS; IPSec; Management Plane; NAT; NHRP; OSPF; OSI; PSM; RADIUS; RIP; RIPv2; RSA; Security Protocols; SNMP; SNMPv3; SSH; SSHv2; SSL; TACACS; TCP/IP; VPN; VLAN.
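The abstract's central test is that no credential or management session is stored or carried in plaintext. As an added example (editor's code, not the paper's or Cisco's), here is a small Python audit of an IOS running-config that flags the usual offenders (plaintext and type 7 passwords, Telnet, SNMPv1/v2c community strings, HTTP management, SSHv1 fallback) and states the corrected command for each, which is the kind of check the paper performs with the Cisco Configuration Professional audit. Both configuration texts, the hostname BORDER-RTR, the user names and the passwords are constructed for illustration; the type 7 reversal uses the publicly known fixed key.

```python
"""Audit a Cisco IOS running-config for plaintext credentials and
unencrypted management protocols (constructed example, not the paper's code)."""
import re

# Cisco type 7 is a fixed-key XOR obfuscation, not encryption: the key below is
# public, so any "password 7" string reverses instantly. That is why hardening
# insists on 'secret' (salted hash) rather than 'password'.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string; the first two digits are a decimal key offset."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])  # one byte per plaintext character
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]))
        for i, b in enumerate(body)
    )


TYPE7_RE = re.compile(r"\bpassword 7 ([0-9A-Fa-f]{4,})\b")
# 'username X [privilege N] password [0] <clear>' but not 'password 7 <hex>'
USER_PLAIN_RE = re.compile(
    r"^username (\S+)(?: privilege \d+)? password(?: 0)? (?!7 )(\S+)$"
)
TELNET_RE = re.compile(r"^transport input (telnet|all)\b")


def audit_config(config_text: str) -> list:
    """Return one dict per finding: the offending line, the issue, the fix."""
    findings = []
    ssh_v2 = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip ssh version 2":
            ssh_v2 = True
        t7 = TYPE7_RE.search(line)
        if t7:
            findings.append({"line": line,
                             "issue": "type 7 credential is reversible "
                                      f"(decodes to {decode_type7(t7.group(1))!r})",
                             "fix": "re-enter it with 'secret' instead of 'password'"})
        elif line.startswith("enable password "):
            findings.append({"line": line,
                             "issue": "enable password stored in plaintext",
                             "fix": "enable secret <password>"})
        elif USER_PLAIN_RE.match(line):
            user = USER_PLAIN_RE.match(line).group(1)
            findings.append({"line": line,
                             "issue": f"local user {user!r} has a plaintext password",
                             "fix": f"username {user} secret <password>"})
        if TELNET_RE.match(line):
            findings.append({"line": line,
                             "issue": "Telnet carries logins in cleartext",
                             "fix": "transport input ssh"})
        if line.startswith("snmp-server community "):
            findings.append({"line": line,
                             "issue": "SNMPv1/v2c community string travels in cleartext",
                             "fix": "snmp-server group <g> v3 priv / snmp-server user "
                                    "<u> <g> v3 auth sha <pw> priv aes 128 <pw>"})
        if line == "ip http server":
            findings.append({"line": line,
                             "issue": "HTTP management sends logins in cleartext",
                             "fix": "no ip http server / ip http secure-server"})
    if not ssh_v2:
        findings.append({"line": "(global)",
                         "issue": "SSHv1 negotiation still permitted",
                         "fix": "ip ssh version 2"})
    return findings


# Constructed "before" config of the border router (not from the paper).
WEAK_CONFIG = """\
hostname BORDER-RTR
!
enable password cisco123
username admin privilege 15 password 0 admin123
username ops password 7 094F471A1A0A
!
snmp-server community public RO
ip http server
!
line vty 0 4
 transport input telnet
 login local
"""

# Constructed "after" config: same services, hashed or encrypted throughout.
HARDENED_CONFIG = """\
hostname BORDER-RTR
ip domain-name lab.example
ip ssh version 2
enable secret StrongEnablePw-2024
username admin privilege 15 secret StrongAdminPw-2024
!
snmp-server group NMS v3 priv
snmp-server user nmsuser NMS v3 auth sha AuthPass12345 priv aes 128 PrivPass12345
no ip http server
ip http secure-server
!
line vty 0 4
 transport input ssh
 login local
 exec-timeout 5 0
"""


def audit_weak() -> list:
    return audit_config(WEAK_CONFIG)


def audit_hardened() -> list:
    return audit_config(HARDENED_CONFIG)


if __name__ == "__main__":
    for f in audit_weak():
        print(f"{f['line']:45} {f['issue']}\n{'':45} fix: {f['fix']}")
    print("hardened config findings:", len(audit_hardened()))
```

Run against the weak configuration the audit reports seven findings, including the type 7 string recovered as `cisco`; the hardened configuration produces none. The audit is deliberately line-oriented so it can be pointed at a `show running-config` capture taken over the SSH session, which is also where a protocol analyser should confirm that no credential crosses the wire in clear.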