Cisco router auto secure command Summary

Source: Internet
Author: User

VroCommandAuto secure is easy to use and can be disabledSecurityAnd enable someSecurity. For thisCommandMake a summary. (Note: IOS 12.3 (1) or later versions are supported)

SummaryAs follows::

1. Disable some global insecure services as follows:

Finger

Pad

Small servers

BOOTP

HTTP service

Identification Service

CDP

NTP

Source Routing

2. enable some global security services as follows:

Password-encryption service

Tuning of scheduler interval/allocation

TCP synwait-time

TCP-keepalives-in and TCP-kepalives-out

SPD Configuration

No IP unreachables for null 0

3. Some insecure services that disable the interface are as follows:

ICMP

Proxy-ARP

Directed broadcast

Disables mop Service

Disables ICMP unreachables

Disables ICMP Mask Reply messages.

4. Provide log security as follows:

Enables sequence numbers & Timestamp

Provides a console log

Sets log buffered size

Provides an interactive dialogue to configure the logging Server IP address.

5. Protect the Access Router as follows:

Checks for a banner and provides facility to add text to automatically configure:

Login and password

Transport input & Output

Exec-Timeout

Local aaa

SSH timeout and SSH Authentication-retries to minimum number

Enable only SSH and SCP for access and file transfer to/from the router

6. Protect forwarding plane

Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available


Anti-Spoofing

Blocks all IANA reserved IP address blocks

Blocks private address blocks if customer desires

Installa default route to null 0, if a default route is not being used

Configures TCP Intercept for connection-Timeout, if TCP Intercept feature is available and the user is interested

Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

Enables NetFlow on software forwarding platforms

Http://pan.baidu.com/s/1bns376R (responsible editor: Admin)


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.