• The CLI uses a hierarchical structure for the modes.

• In order from top to bottom, the major modes are:• User mode• Privileged mode• Global Configuration mode• Specific Configuration modes

• User Mode – view only• Privileged Mode – used to manage, update

configuration• By default, no authentication required.

Policy – roles, responsibilities, permissions, standard configurationsAccess – Physical and ElectronicIOS - The operating system for the router is a crucial component. Configuration Management – both static and dynamic. Basic hardening should be one of the first steps implemented to minimize the risk of attacks. Logging - log information helps to determine whether the router is working properly of if it has been probed or worst case, compromised.

• Security policy should define:• Roles – define administrator, operator and any user

role.• Permissions – defines how who will be granted

privileges on the device.• Rules of conduct – define how rules will be

configured on the router and who will approve rule implementation.

• Responsibilities – define who will make config changes or who will monitor logs.

• Minimum Configuration Standards – basic hardening requirements.

• Access should be limited 24/7 365 days a year. • Environmental controls - free of electrostatic and

magnetic interference, temperature and humidity controlled, Uninterruptible Power Supply (UPS)

• Some routers offer PC-Card slots or CompactFlash slots

• The Cisco password recovery procedure allows individual to gain privileged access to the device without using a password.

• There are two types of access: local and remote. • Local access involves a direct connection to a

console port on the router with a dumb terminal or a laptop computer.