(1. Commonly used series of enterprises user.qzone.qq/1914756383/main2, learning course address ccieh3c.taobao/3, debugging and configuration business 1914756383.taobao/4, Baidu disk data sharing yun.baidu/share/home?uk=3778524151view= share1, unnecessary services on all three routers should be turned off, which needs to be done manually. Access to all routers using SSH (blocking Telnet service). Only network administrators (172.16.4.12, 172.16.4.13, 172.16.4.14 and 172.16.4.15) are allowed to access EXEC. 2. Each administrator has a separate account to access the router. Use AAA to set up access authentication to the router. All executed commands and system events should be logged. The AAA server will use CISCOSecureACS, with TACACS- as the security protocol. Even the AAA function is set up on the router of the branch office. 3. Standard extended ACLs are used to enforce policy restrictions on internal routers. The standard extended ACL is also used on the branch router, Router C. ......................)