Here is the basic checklist for things you should consider for security of your IOS routers:
- Setup and abide by a router security policy – identify the standards your organization adheres to and enforce compliance of that policy.
- Use encrypted passwords – no passwords should be sent in plain text, and furthermore, use adequate encryption standards
- Secure the access to the router using ACLs – lock down administration to a standard interface and enforce IP restriction using access-control lists on vty lines and console/auxiliary ports.
- Use secure management protocols – management protocols should be encrypted, such as ssh and snmpv3.
- Periodically backup configuration – make sure you have a backup and recovery strategy to limit the impact of device failure or compromise
- Implement logging – standardize logging parameters, including timestamps for proper incident management and correlation, and implement an archiving solution for network logs
- Disable unused services – unused services can be an attack vector, such as cdp. If you have no great need for them, disable them to reduce the attack surface.