This chapter on Cisco IOS Software security features assumes that the ISP engineer has a working grasp of the fundamentals of system security. If not, the materials listed in the reference section should be reviewed first to help gain an understanding of some of the fundamentals. It is also important to note that the following sections are intended to supplement, not replace, Cisco documentation. It is assumed that the ISP engineer will read such documentation in parallel with this chapter.

This chapter describes tools that all ISPs should consider for their overall security architectures. Most of these tools are passive tools. When configured, they will help prevent security problems from happening and make it more difficult ...