This chapter showed you the basics of authentication proxy. Unlike with lock-and-key, you have much more flexibility and control over the authentication and authorization process. When you have different access policies for different users, AP is a better solution than lock-and-key. However, AP requires the use of an external TACACS+ or RADIUS security server. AP enables you to authenticate users through HTTP, HTTPS, Telnet, or FTP with the right version of the Cisco IOS.

Next up is Chapter 15, "Routing Protocol Protection," which shows you how to protect the router's routing protocols, as well as implement solutions to reduce your router and network exposure to attacks through some routing tricks.