Cisco IOS基本安全配置详解
Cisco CatOS基本安全配置详解
|
2003-01-08 juechen70 原创/编译 未经许可,严禁转载 |
|
no ip domain-lookup //关闭域名查询 no cdp run //禁用cdp no ip http server //禁用http server,这玩意儿的安全漏洞很多的 no ip source-route //禁用IP源路由,防止路由欺骗 no service finger //禁用finger服务 no ip bootp server //禁用bootpe服务 no service udp-small-s //禁用一堆小的udp服务 no service tcp-small-s //禁用一堆小的tcp服务 ! service timestamp log datetime localtime //配置时间戳为datetime方式,使用本地时间 logging 192.168.0.1 //向192.168.0.1发送log logging 192.168.0.2 //向192.168.0.2发送log snmp-server community HSDxdf ro 98//配置snmp只读通讯字,并只允许access-list 98的主机进行通讯 service password-encryption //启用加密服务,将对password密码进行加密 enable secret asdfajkls //配置强加密的特权密码 no enable password //禁用弱加密的特权密码 no access-list 99 //在配置一个新的acl前先清空该ACL access-list 99 permit 192.168.0.0 0.0.0.255 access-list 99 deny any log //log参数说明在有符合该条件的条目时产生一条logo信息 no access-list 98 //在配置一个新的acl前先清空该ACL access-list 98 permit host 192.168.0.1 access-list 98 deny any log //log参数说明在有符合该条件的条目时产生一条logo信息 ! line vty 0 4 access-class 99 in //使用acl 99来控制telnet的源地址 login password 0 asdfaksdlf //配置telnet密码 exec-timeout 2 0 //配置虚终羰超时参数,这里是2分钟 ! line con 0 login password 0 adsfoii //配置console口的密码 exec-timeout 2 0 //配置console口超时参数,这里是两分钟 ! line aux 0 transport input none password 0 asfdkalsfj no exec exit banner motd # //配置提示信息 This is a private system operated for UltraTeam. Authorization from UltraTeam is required to use this system Use by unauthorized persons is prohibited # ! clock timezone PST-8 //设置时区 ntp authenticate //启用NTP认证 ntp authentication-key 1 md5 uadsf //设置NTP认证用的密码,使用MD5加密。需要和ntp server一致 ntp trusted-key 1 //可以信任的Key. ntp acess-group peer 98 //设置ntp服务,只允许对端为符合access-list 98条件的主机 ntp server 192.168.0.1 key 1 //配置ntp server,server为192.168.0.1,使用1号key做为密码 ! interface vlan 10 ip address 10.1.10.254 255.255.255.0 ip ospf authentication message-digest //启用ospf邻接过程中的认证 ip ospf message-digest-key md5 7 24d10564152140a7e //配置ospf认证key,要求所有邻居相同 ip ospf priority 3 //提高ospf的优先级,便于成为DR |
-----------------------------------------------------------------------------------------------------------------------------
Cisco CatOS基本安全配置详解
set cdp disable //禁用cdp
set ip http disable //禁用http server,这玩意儿的安全漏洞很多的
!
set logging timestamp enable //启用log时间戳
set logging server 192.168.0.1 //向192.168.0.1发送log
set logging server 192.168.0.2 //向192.168.0.2发送log
set snmp community HSDxdf //配置snmp只读通讯字
set ip permit enable snmp //启用snmp访问控制
set ip permit 192.168.0.1 snmp //允许192.168.0.1进行snmp访问
set ip permit enable telnet //启用telnet访问控制
set ip permit 192.168.0.1 telnet //允许192.168.0.1进行telnet访问
set password //配置telnet密码
set enable //配置特权密码
set logout 2 //配置超时参数,2分钟
set banner motd //配置提示信息
This is a private system operated for UltraTeam.
Authorization from UltraTeam is required to use this system
Use by unauthorized persons is prohibited
!
set timezone PST-8 //设置时区
set ntp authenticate enable //启用NTP认证
set ntp key 1 md5 uadsf //设置NTP认证用的密码,使用MD5加密。需要和ntp server一致
set ntp server 192.168.0.1 key 1 //配置ntp server,server为192.168.0.1,使用1号key做为密码
set ntp client enable //启用ntp client
阅读(1951) | 评论(0) | 转发(0) |