小命令大作用:增加Router的安全

2008-02-23 04:53:24来源:互联网 阅读 ()

新老客户大回馈,云服务器低至5折

在Router里有这样一条命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:ios版本为:12.3(1)以上才支持使用)
  
  总结如下:
  
  1、关闭一些全局的不安全服务如下:
  
  Finger
  
  PAD
  
  Small Servers
  
  Bootp
  
  HTTP service
  
  Identification Service
  
  CDP
  
  NTP
  
  Source Routing
  
  2、开启一些全局的安全服务如下:
  
  Password-encryption service
  
  Tuning of scheduler interval/allocation
  
  TCP synwait-time
  
  TCP-keepalives-in and tcp-kepalives-out
  
  SPD configuration
  
  No ip unreachables for null 0
  
  3、关闭接口的一些不安全服务如下:
  
  ICMP
  
  Proxy-Arp
  
  Directed Broadcast
  
  Disables MOP service
  
  Disables icmp unreachables
  
  Disables icmp mask reply messages.
  
  4、提供日志安全如下:
  
  Enables sequence numbers & timestamp
  
  Provides a console log
  
  Sets log buffered size
  
  Provides an interactive dialogue to configure the logging server ip address.
  
  5、保护访问路由器如下:
  
  Checks for a banner and provides facility to add text to automatically configure:
  
  Login and password
  
  Transport input & output
  
  Exec-timeout
  
  Local AAA
  
  SSH timeout and ssh authentication-retries to minimum number
  
  Enable only SSH and SCP for access and file transfer to/from the router
  
  6、保护转发Forwarding Plane
  
  Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
  
  Anti-spoofing
  
  Blocks all IANA reserved IP address blocks
  
  Blocks private address blocks if customer desires
  
  Installs a default route to NULL 0, if a default route is not being used
  
  Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
  
  Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,
  
  Enables NetFlow on software forwarding platforms

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:浅谈保护端口和端口安全

下一篇:路由配置简化之道