Chinaunix首页 | 论坛 | 博客
  • 博客访问: 18671230
  • 博文数量: 7460
  • 博客积分: 10434
  • 博客等级: 上将
  • 技术积分: 78178
  • 用 户 组: 普通用户
  • 注册时间: 2008-03-02 22:54
文章分类

全部博文(7460)

文章存档

2011年(1)

2009年(669)

2008年(6790)

分类: 系统运维

2008-05-22 11:07:27

在Router里有这样一条命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:ios版本为:12.3(1)以上才支持使用)

总结如下:

1、关闭一些全局的不安全服务如下:

Finger

PAD

Small Servers

Boot p

HTTP service

Identification Service

CDP

NTP

Source Routing
2、开启一些全局的安全服务如下:

Password-encryption service

Tuning of scheduler interval/allocation

TCP synwait-time

TCP-keepalives-in and tcp-kepalives-out

SPD configuration

No ip unreachables for null 0
3、关闭接口的一些不安全服务如下:

ICMP

Proxy-Arp

Directed Broadcast

Disables MOP service

Disables icmp unreachables

Disables icmp mask reply messages.
4、提供日志安全如下:

Enables sequence numbers & timestamp

Provides a console log

Sets log buffered size

Provides an interactive dialogue to configure the logging server ip address.
5、保护访问路由器如下:

Checks for a banner and provides facility to add text to automatically configure:

Login and password

Transport input & output

Exec-timeout

Local AAA

SSH timeout and ssh authentication-retries to minimum number

Enable only SSH and SCP for access and file transfer to/from the router
6、保护转发Forwarding Plane

Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available

Anti-spoofing

Blocks all IANA reserved IP address blocks

Blocks private address blocks if customer desires

Installs a default route to NULL 0, if a default route is not being used

Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

Enables NetFlow on software forwarding platforms

阅读(446) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~