Chapter 5: Securing Cisco Perimeter Routers


In this chapter, you will learn about:

  • Eavesdropping

  • Limiting unnecessary services

  • Denial of service attacks

  • Unauthorized access

  • Lack of legal IP addresses

  • Rerouting attacks

  • Lack of information about an attack

This chapter looks at those IOS features that can be used on the borders of the network to ward off unwanted and malicious traffic. Chapters 6 and 7 pick up with those additional features included in the Cisco IOS Firewall feature set. In many ways, this chapter pulls together information covered in the first three chapters. In Chapter 1, you learned that the four most common types of network attacks are reconnaissance attacks, access attacks, denial of service (DoS) attacks, and data manipulation attacks.

The perimeter router is the first line of defense against each of these threats. While the perimeter router can often thwart reconnaissance, access, and data manipulation attacks, it typically requires the assistance of the company’s ISP to deal with DoS attacks.
