Do you harden your network device configurations? If not, you may want to start doing so.
Configuration hardening entails researching and employing various security measures in your baseline configuration templates. Simple modifications like disabling ICMP redirects or forcing VTY line encryption are simple to implement but can greatly reduce your network's vulnerability to an attacker. And the best part is, most of the hard work has already been done for you.
One great source for best practices is the US National Security Agency, known to its friends simply as NSA. When they're not busy illegally intercepting the communications of private citizens, it seems they can produce some quality documentation. The NSA publishes security configuration guides on many types of IT systems, from network gear to operating systems, with a heavy focus on Cisco IOS routers and switches. There's also some great VOIP and IPv6 information.
If the NSA's looming shadow puts you off, another great source for configuration guidelines is Team Cymru. In the long list of documents there you'll find recommendations for both IOS and JUNOS gear, as well as a number of platform-independent papers.
Lastly, Cisco maintains their own device hardening checklist, as do other companies. Note that many of these concepts are easily adapted and applied to equipment from a variety of vendors.