How to Secure your Cisco Router
Below are a number of commands that you can use to secure your Cisco router.
Block Denied Logins - Blocks further logins for a set period once a number of failed attempts occur within a given time window. Useful for slowing down someone who is trying to brute force your router.
(config)# login block-for [seconds] attempts [attempts] within [seconds]
Quiet Login - Allows you to still log in while the router is blocking login attempts because of the command above. The list of permitted sources is defined by the ACL.
(config)# login quiet-mode access-class [acl]
Login Delay - Adds a delay after an unsuccessful login attempt.
(config)# login delay [seconds]
Login Logging - Generates a log after a certain number of failed or successful attempts.
(config)# login on-failure log every [#]
(config)# login on-success log every [#]
Min Password Length - Ensures that any new password created on the router meets a minimum password length.
(config)# security passwords min-length [number of characters]
Set Timeout - Sets a timeout period for your line (con / vty).
(config-line)# exec-timeout [minutes] [seconds]
Encrypt Passwords - Encrypts all passwords within your router's config.
(config)# service password-encryption
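To check a saved running-config against the settings above, here is a small audit script. It is an added example, not part of the original article. The sample config is constructed, and treating a line with no explicit exec-timeout as a finding is a policy assumption of this example.

```python
import re

# Global hardening commands from this page, as written in a running-config.
REQUIRED = {
    "login block-for": r"^login block-for \d+ attempts \d+ within \d+$",
    "login quiet-mode": r"^login quiet-mode access-class \S+$",
    "login delay": r"^login delay \d+$",
    "login on-failure log": r"^login on-failure log\b",
    "login on-success log": r"^login on-success log\b",
    "password min-length": r"^security passwords min-length \d+$",
    "password encryption": r"^service password-encryption$",
}

# Constructed sample config (not taken from a real device).
SAMPLE = """\
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
login delay 2
login on-failure log
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 5 0
end
"""

def audit(config: str) -> list[str]:
    """Return findings for hardening settings missing from an IOS config."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = [name + " not configured" for name, pat in REQUIRED.items()
                if not any(re.match(pat, l) for l in lines)]
    # Walk each "line con/vty" block; its sub-commands are indented.
    current, timeout = None, None
    for l in lines + ["end"]:
        if l.startswith(" ") and current:
            m = re.match(r"^ exec-timeout (\d+)(?: (\d+))?$", l)
            if m:
                timeout = (int(m.group(1)), int(m.group(2) or 0))
            continue
        if current:  # the block has ended, so judge it
            if timeout is None:
                findings.append(f"{current}: no explicit exec-timeout")
            elif timeout == (0, 0):
                findings.append(f"{current}: exec-timeout disabled (0 0)")
        current = l if re.match(r"^line (con|vty) ", l) else None
        timeout = None
    return findings
```

Calling audit(SAMPLE) reports the two missing login commands and the console line whose timeout is disabled.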