VroCommandAuto secure is easy to use and can be disabledSecurityAnd enable someSecurity. For thisCommandMake a summary. (Note: IOS 12.3 (1) or later versions are supported) SummaryAs follows:: 1. Disable some global insecure services as follows: Finger Pad Small servers BOOTP HTTP service Identification Service CDP NTP Source Routing 2. enable some global security services as follows: Password-encryption service Tuning of scheduler interval/allocation TCP synwait-time TCP-keepalives-in and TCP-kepalives-out SPD Configuration No IP unreachables for null 0 3. Some insecure services that disable the interface are as follows: ICMP Proxy-ARP Directed broadcast Disables mop Service Disables ICMP unreachables Disables ICMP Mask Reply messages. 4. Provide log security as follows: Enables sequence numbers & Timestamp Provides a console log Sets log buffered size Provides an interactive dialogue to configure the logging Server IP address. 5. Protect the Access Router as follows: Checks for a banner and provides facility to add text to automatically configure: Login and password Transport input & Output Exec-Timeout Local aaa SSH timeout and SSH Authentication-retries to minimum number Enable only SSH and SCP for access and file transfer to/from the router 6. Protect forwarding plane Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available Anti-Spoofing
Blocks all IANA reserved IP address blocks Blocks private address blocks if customer desires Installa default route to null 0, if a default route is not being used Configures TCP Intercept for connection-Timeout, if TCP Intercept feature is available and the user is interested Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image, Enables NetFlow on software forwarding platforms Http://pan.baidu.com/s/1bns376R (responsible editor: Admin) |