Verify that timestamps for debugging and logging messages have been enabled. Verify the severity...

Post on 04-Jan-2016


• Verify that timestamps for debugging and logging messages have been enabled.

• Verify the severity level of events that are being captured.

• Verify that the source interface command has been configured.

• Verify the IP address of the syslog server.
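The four checks above can be run against a saved copy of the running configuration. The script below is an added example, not part of the original slides; the function names, the `min_level` policy threshold, the sample configuration and the server address 192.0.2.10 are assumptions made for illustration.

```python
import re

# "logging trap" severity keywords; list index is the numeric level (0-7).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
# Constructed sample running-config excerpt (not from a real device).
SAMPLE = """\
service timestamps debug datetime msec
no service timestamps log
logging trap warnings
logging source-interface Loopback0
logging host 192.0.2.10
"""

def audit_logging(config, expected_server):
    """Collect the four logging settings from running-config text."""
    r = {"timestamps_log": False, "timestamps_debug": False,
         "trap_level": 6,  # IOS default (informational) when no line is present
         "source_interface": None, "servers": []}
    for ln in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"service timestamps (log|debug)\b.*", ln):
            r["timestamps_" + m.group(1)] = True
        elif m := re.fullmatch(r"logging trap (\S+)", ln):
            lvl = m.group(1)
            r["trap_level"] = int(lvl) if lvl.isdigit() else LEVELS.index(lvl)
        elif m := re.fullmatch(r"logging source-interface (\S+).*", ln):
            r["source_interface"] = m.group(1)
        elif m := re.fullmatch(r"logging (?:host )?(\d{1,3}(?:\.\d{1,3}){3})\b.*", ln):
            r["servers"].append(m.group(1))
    r["server_ok"] = expected_server in r["servers"]
    return r

def findings(r, min_level=6):
    """List the checks that fail; min_level is a hypothetical site policy."""
    out = []
    for kind in ("log", "debug"):
        if not r["timestamps_" + kind]:
            out.append(f"timestamps disabled for {kind} messages")
    if r["trap_level"] < min_level:
        out.append(f"trap level {LEVELS[r['trap_level']]} excludes less severe events")
    if r["source_interface"] is None:
        out.append("no logging source-interface configured")
    if not r["server_ok"]:
        out.append("expected syslog server not configured")
    return out

if __name__ == "__main__":
    for f in findings(audit_logging(SAMPLE, "192.0.2.10")):
        print("FAIL:", f)
```

On the sample, the script reports the disabled log timestamps and the `warnings` trap level, which would keep notification and informational events from reaching the syslog server.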

• ACLs

• Routing Protocol Authentication

• CDP

• VLANs

• Switchport Security

• VTP

• DTP

• Cisco IOS uses access control lists to separate data traffic into that which it will process (permitted packets) and that which it will not process (denied packets).

• Cisco routers make very heavy use of access lists:

• restrict access to services

• filter traffic passing through the router.

• An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols.

• Static packet filtering controls access to a network by analyzing the incoming and outgoing packets.

• By default, a router does not have any ACLs configured and therefore does not filter traffic.

• Standard ACLs allow you to filter traffic based on source IP address.

• Extended ACLs filter IP packets based on:

• Protocol type,

• Source IP address,

• Destination IP address,

• TCP or UDP ports.

• Extended ACLs are used for more precise traffic-filtering control and are used more often than standard ACLs to provide a greater range of control.

• ICMP Packet Filtering - filter ICMP messages by name or type and code.

• Filter IP Fragments – Fragmentation is often used in attempts to evade detection by intrusion detection systems; deny IP fragments.

• Anti IP Address Spoofing – Deny any inbound IP packet that contains a source address from the internal network.

• Smurf Attack - deny packets destined for broadcast addresses.