5.2.b Implement and troubleshoot router security features

here is the laundry list of tasks from the ccna security lab manual that covers chapters 1 through 9… i haven’t been able to find a 64 bit cisco vpn client to support windows 7, so that shit’s out the door… the first time i tried to configure easy vpn server with ccp, it crashed my router, whoops… no problem there because i really dislike ccp… however this task list is good practice for any level… i’ll keep the time… i would suggest skipping part 5 altogether and replacing it with this task: build a site-to-site vpn from the cli… much more rewarding… the fact is anyone who is contemplating sitting the ccie lab exam should be able to complete all these tasks in record time, right? because these are bread and butter tasks, right? right…

ccna_sec_chap9

Part 1: Create a Basic Security Policy
 Develop a network device security guidelines document.
Part 2: Basic Network Device Configuration
 Configure hostnames, interface IP addresses, and passwords.
 Configure static routing.
Part 3: Secure Network Routers
 Configure passwords and a login banner.
 Configure SSH access and disable Telnet.
 Configure HTTP secure server access.
 Configure a synchronized time source using NTP.
 Configure router syslog support.
 Configure centralized authentication using AAA and RADIUS.
 Use Cisco IOS to disable unneeded services and secure against login attacks.
 Use CCP to disable unneeded services.
 Configure a CBAC firewall.
 Configure a ZBF firewall.
 Configure intrusion prevention system (IPS) using Cisco IOS and CCP.
 Back up and secure the Cisco IOS image and configuration files.
Part 4: Secure Network Switches
 Configure passwords and a login banner.
 Configure management VLAN access.
 Configure a synchronized time source using NTP.
 Configure syslog support.
 Configure SSH access.
 Configure AAA and RADIUS.
 Secure trunk ports.
 Secure access ports.
 Protect against STP attacks.
 Configure port security and disable unused ports.
Part 5: Configure VPN remote access
 Use CCP to configure Easy VPN Server.
 Use the Cisco VPN Client to test the remote access VPN.