Here is a checklist on how to safeguard your network router by effectively managing access controls, passwords, and configurations.

Sub Category Checklist Threat
Access Control Disable or secure AUX access with password. Unauthorized access
Disable or secure all VTY access with password. Unauthorized access
Do not use the no lo-gin command under any line (con/aux/vty) configurations. Unauthorized access
Set the enable password. Unauthorized access
Password Vulnerability Password Encryption should be enabled. Expose and make liable to attacks.
Password should be enabled for router. Unauthorized access
Router user name and password should not be the default user name and password (admin, admin or admin, password).
Message of the Day (MOTD) banner defined Without lo-gin banners unauthorized access to the routers can happen
Change policy Prevent password from regular changes of staff or temporary workers
Password Complexity
Configuration SNMP Version 3 SNMP v1 or v2c uses the community string as the only form of authentication and is sent in clear text across the network and is open to attack
Routing protocol message authentication enabled Spoofing or modification of a valid routing protocol message
Backup should be Enabled
Security Updates – should be on Vulnerability to security issues
Disable remote management Unauthorized access.
Unused interfaces disabled
DNS lookups for the router turned off
Boot up server disabled on the routers Allows other routers to boot from this router Rarely used on today’s networks.
Directed broadcast disabled on all interfaces Denial-of-service attacks
Any applications use telnet to perform management activities such as backing up configuration? Telnet protocol transfers data in clear text thereby allowing an intruder to sniff valuable data such as passwords
Change the default wireless SSID name
If your router is physically accessible, disabling WPS. Unauthorized person can access.