Cisco路由器auto secure命令小結
2009-01-11
路由器命令auto secure用起來比較方便,而且可以關閉一些不安全的服務和啟用一些安全的服務。這里對這個命令做了一個總結。(注:ios版本為:12.3(1)以上才支持使用)
總結如下:
1、關閉一些全局的不安全服務如下:
Finger PAD Small Servers Bootp HTTP service Identification Service CDP NTP Source Routing
|
2、開啟一些全局的安全服務如下:
Password-encryption service Tuning of scheduler interval/allocation TCP synwait-time TCP-keepalives-in and tcp-kepalives-out SPD configuration No ip unreachables for null 0
|
3、關閉接口的一些不安全服務如下:
ICMP Proxy-Arp Directed Broadcast Disables MOP service Disables icmp unreachables Disables icmp mask reply messages.
|
4、提供日志安全如下:
Enables sequence numbers & timestamp Provides a console log Sets log buffered size Provides an interactive dialogue to configure the logging server ip address.
|
5、保護訪問路由器如下:
Checks for a banner and provides facility to add text to automatically configure: Login and password Transport input & output Exec-timeout Local AAA SSH timeout and ssh authentication-retries to minimum number Enable only SSH and SCP for access and file transfer to/from the router
|
6、保護轉發Forwarding Plane
Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available Anti-spoofing Blocks all IANA reserved IP address blocks Blocks private address blocks if customer desires Installs a default route to NULL 0, if a default route is not being used Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image, Enables NetFlow on software forwarding platforms
|
(責任編輯:
51CTO.com TEL:010-68476606)
熱詞搜索:
上一篇:路由器的工作原理及分類應用(1)
下一篇:網絡工程師專業術語大集合之路由器(1)