How to disable unnecessary services in router settings

Source: Internet
Author: User
Tags snmp

Routers are now widely used, and many users are not familiar with some routing settings. This article covers how to turn off insecure and unnecessary services in the router settings. Here, we assume that the router is configured with ports Ethernet0 and Ethernet1.

Router(config)# no cdp run // disable CDP. CDP uses multicast addresses to discover the hostname, hardware device type, IOS version, and layer-3 interface address of the peer router.

Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers // disable the rarely needed TCP and UDP small services. The ports of these small services are less than 19; they were typically used in older UNIX environments, for example chargen and daytime.

Router(config)# no service finger // finger is usually used on UNIX to determine who is logged on to a device, for example: telnet 192.168.1.254 finger
Router(config)# no ip finger // stop responding to finger queries
Router(config)# no ip identd // disable the user identification (Ident) service. A device sends a request to the Ident port (TCP 113), and the target answers with an identity, such as the host name or device name.

Router(config)# no ip source-route // disable IP source routing. With source routing, the sender can specify the actual path of the packet in the IP header.
Router(config)# no ftp-server enable // disable the FTP service
Router(config)# no ip http server // disable the router's HTTP login service
Router(config)# no ip http secure-server // disable the router's HTTPS login service

Router(config)# no snmp-server community public RO
Router(config)# no snmp-server community private RW
Router(config)# no snmp-server enable traps
Router(config)# no snmp-server system-shutdown
Router(config)# no snmp-server trap-auth
Router(config)# no snmp-server // close the SNMP service

Router(config)# no ip domain-lookup // disable DNS name lookups
Router(config)# no ip bootp server // the BOOTP service is usually used by diskless stations to request IP addresses for hosts
Router(config)# no service dhcp // disable the DHCP service
Router(config)# no service pad // the PAD service is generally used in X.25 networks to provide reliable connections for remote sites
Router(config)# no boot network // stop the router from loading its IOS boot through TFTP
Router(config)# no service config // stop the router from loading its configuration file through TFTP after IOS has loaded successfully

Router(config)# interface ethernet 0
Router(config-if)# no ip proxy-arp // disable the proxy ARP service
Router(config-if)# no ip directed-broadcast // disable directed broadcasts, because directed broadcasts can be routed

Router(config-if)# no ip unreachables
Router(config-if)# no ip redirects
Router(config-if)# no ip mask-reply // disable three unreliable ICMP messages
Router(config-if)# exit
Note: Use show ip interface to view the services enabled on an interface.

Router(config)# interface ethernet 0
Router(config-if)# shutdown // manually shut down unused interfaces
Router(config-if)# exit

Router(config)# service tcp-keepalives-in
Router(config)# service tcp-keepalives-out
// Monitor active TCP connections and close idle TCP connections in time. Usually used together with Telnet and SSH.

Router(config)# username admin1 privilege 15 secret geekboy
Router(config)# hostname Bullmastiff
Bullmastiff(config)# ip domain-name godupgod.com
Bullmastiff(config)# crypto key generate rsa
Bullmastiff(config)# line vty 0 4
Bullmastiff(config-line)# login local
Bullmastiff(config-line)# transport input ssh
Bullmastiff(config-line)# transport output ssh
// Only allow other devices to log on to the router through SSH
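
To check a saved configuration against the commands above, the following added example (not part of the original page) audits config text and reports each listed service as ENABLED, UNSTATED, or MISSING. The names `audit`, `parse`, `state`, `GLOBAL_OFF` and `IFACE_OFF` are hypothetical. UNSTATED means neither form appears in the text, which happens because show running-config omits settings that match the IOS defaults, so those items need a manual check.

```python
# Added example, not from the original page. SAMPLE is constructed, not a real device config.
GLOBAL_OFF = ["cdp run", "service tcp-small-servers", "service udp-small-servers",
              "service finger", "ip finger", "ip identd", "ip source-route",
              "ftp-server enable", "ip http server", "ip http secure-server", "ip domain-lookup",
              "ip bootp server", "service dhcp", "service pad", "boot network", "service config"]
IFACE_OFF = ["ip proxy-arp", "ip directed-broadcast", "ip unreachables", "ip redirects", "ip mask-reply"]

def parse(config):  # -> (top-level lines, {top-level line: [indented sub-lines]})
    top, sections = [], {}
    for raw in (r for r in config.splitlines() if r.strip() not in ("", "!")):
        if raw[0] == " " and top:
            sections[top[-1]].append(raw.strip())
        else:
            top.append(raw.strip())
            sections[top[-1]] = []
    return top, sections

def state(lines, cmd):  # ENABLED = positive form present, OK = explicit "no" form, else UNSTATED
    if any(l == cmd or l.startswith(cmd + " ") for l in lines):
        return "ENABLED"
    return "OK" if "no " + cmd in lines else "UNSTATED"

def audit(config):
    top, sections = parse(config)
    out = [("global", c, state(top, c)) for c in GLOBAL_OFF]
    if any(l.startswith("snmp-server community ") for l in top):
        out.append(("global", "snmp-server community", "ENABLED"))
    for name, body in sections.items():
        if name.startswith("interface ") and "shutdown" not in body:
            out += [(name, c, state(body, c)) for c in IFACE_OFF]
        if name.startswith("line vty"):
            need = ("login local", "transport input ssh")
            out += [(name, c, "MISSING") for c in need if c not in body]
    return [f for f in out if f[2] != "OK"]  # keep only items that need attention

SAMPLE = """\
no cdp run
ip http server
snmp-server community public RO
interface Ethernet0
 no ip proxy-arp
 ip directed-broadcast
interface Ethernet1
 shutdown
line vty 0 4
 login local
 transport input telnet ssh
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Interfaces that are shut down are skipped, and a vty line that allows Telnet alongside SSH is reported because the exact line transport input ssh is absent.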
