总是需要一些温暖。哪怕是一点点自以为是的纪念。 注册 | 登陆

小命令增加Router的安全


          在Router里有这样一条命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:ios版本为:12.3(1)以上才支持使用)



总结如下:



1、关闭一些全局的不安全服务如下:



Finger  



PAD  



Small Servers  



Bootp  



HTTP service  



Identification Service  



CDP  



NTP  



Source Routing  

2、开启一些全局的安全服务如下:



Password-encryption service  



Tuning of scheduler interval/allocation  



TCP synwait-time  



TCP-keepalives-in and tcp-kepalives-out  



SPD configuration  



No ip unreachables for null 0

3、关闭接口的一些不安全服务如下:



ICMP  



Proxy-Arp  



Directed Broadcast  



Disables MOP service  



Disables icmp unreachables  



Disables icmp mask reply messages.  

4、提供日志安全如下:



Enables sequence numbers & timestamp  



Provides a console log  



Sets log buffered size  



Provides an interactive dialogue to configure the logging server ip address.

5、保护访问路由器如下:



Checks for a banner and provides facility to add text to automatically configure:  



Login and password  



Transport input & output  



Exec-timeout  



Local AAA  



SSH timeout and ssh authentication-retries to minimum number  



Enable only SSH and SCP for access and file transfer to/from the router  

6、保护转发Forwarding Plane



Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available  



Anti-spoofing  



Blocks all IANA reserved IP address blocks  



Blocks private address blocks if customer desires  



Installs a default route to NULL 0, if a default route is not being used  



Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested  



Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,  



Enables NetFlow on software forwarding platforms

« 上一篇 | 下一篇 »

Trackbacks

点击获得Trackback地址,Encode: UTF-8 点击获得Trackback地址,Encode: GB2312 or GBK 点击获得Trackback地址,Encode: BIG5

发表评论

评论内容 (必填):