Cisco路由器auto secure命令小結

標籤：directed   access   timestamp   

路由器命令auto secure用起來比較方便，而且可以關閉一些不安全的服務和啟用一些安全的服務。這裡對這個命令做了一個總結。（註：ios版本為：12.3（1）以上才支援使用）     總結如下：     1、關閉一些全域的不安全服務如下：     Finger     PAD     Small Servers     Bootp     HTTP service     Identification Service     CDP     NTP     Source Routing     2、開啟一些全域的安全服務如下：     PassWord-encryption service     Tuning of scheduler interval/allocation     TCP synwait-time     TCP-keepalives-in and tcp-kepalives-out     SPD configuration     No ip unreachables for null 0    3、關閉介面的一些不安全服務如下：     ICMP     Proxy-Arp     Directed Broadcast     Disables MOP service     Disables icmp unreachables     Disables icmp mask reply messages.     4、提供日誌安全如下：     Enables sequence numbers & timestamp     Provides a console log     Sets log buffered size     Provides an interactive dialogue to configure the logging server ip address.     5、保護訪問路由器如下：     Checks for a banner and provides facility to add text to automatically configure：     Login and password     Transport input & output     Exec-timeout     Local AAA     SSH timeout and ssh authentication-retries to minimum number     Enable only SSH and SCP for Access and file transfer to/from the router     6、保護轉寄Forwarding Plane     Enables Cisco EXPress Forwarding （CEF） or distributed CEF on the router， when available     Anti-spoofing     Blocks all IANA reserved IP address blocks     Blocks private address blocks if customer desires     Installs a default route to NULL 0， if a default route is not being used     Configures TCP intercept for connection-timeout， if TCP intercept feature is available and the user is interested     Starts interactive configuration for CBAC on interfaces facing the Internet， when using a Cisco IOS Firewall image，     Enables NetFlow on software forwarding platforms http://pan.baidu.com/s/1bns376R(責任編輯：admin)