Get started Bring yourself up to speed with our introductory content.

Disable HTTP configuration for the router, if possible

As outlined in a Cisco Tech Note, "The authentication protocol used for HTTP is equivalent to sending a cleartext password across the network, and, unfortunately, there is no effective provision in HTTP for challenge-based or one-time passwords."

Although it may be convenient to configure your router from a remote location (from home for example), the fact that you can do it means that anyone else can as well. Especially if you're still using the default password! If you must remotely manage the router, make sure that you are using SNMPv3 or greater, as it supports hashed passwords.

Fortifying router security

 Step 1: Change the default password!
 Step 2: Disable IP directed broadcasts
 Step 3: Disable HTTP configuration for the router, if possible
 Step 4: Block ICMP ping requests
 Step 5: Disable IP source routing
 Step 6: Determine your packet filtering needs
 Step 7: Establish Ingress and Egress address filtering policies
 Step 8: Maintain physical security of the router
 Step 9: Take the time to review the security logs

About the author
Chris Cox is a network administrator for the United States Army, based in Fort Irwin, California.

This tip originally appeared on

Dig Deeper on Campus area networks and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.