Cisco IOS Cookbook 中文精简版第二十七章安全(…

27.1. 使用AutoSecure

提问 傻瓜化的方式来加固你的路由器

回答

Router2#auto secure

--- AutoSecure Configuration ---

*** AutoSecure configuration enhances the security of

the router, but it will not make it absolutely resistant

to all security attacks ***

AutoSecure will modify the configuration of your device.

All configuration changes will be shown. For a detailed

explanation of how the configuration changes enhance security

and any possible side effects, please refer to Cisco.com for

Autosecure documentation.

At any prompt you may enter '?' for help.

Use ctrl-c to abort this session at any prompt.

Gathering information about the router for AutoSecure

Is this router connected to internet? [no]:

<Removed for brevity>

注释 12.3(1)开始路由器增加了autosecure的特性来通过问题的方式自动对路由器进行加固，下面是一个生成的配置实例

Router2#show auto secure config

no service finger

no service pad

no service udp-small-servers

no service tcp-small-servers

service password-encryption

service tcp-keepalives-in

service tcp-keepalives-out

no cdp run

no ip bootp server

no ip http server

no ip finger

no ip source-route

no ip gratuitous-arps

no snmp-server community public

no snmp-server community private

banner ^C Test ^C

security passwords min-length 6

security authentication failure rate 10 log

enable password 7 00071A1507545B54

aaa new-model

aaa authentication login local_auth local

line con 0

login authentication local_auth

exec-timeout 5 0

transport output telnet

line aux 0

login authentication local_auth

exec-timeout 10 0

transport output telnet

line vty 0 6

login authentication local_auth

transport input telnet

login block-for 5 attempts 5 within 6

crypto key generate rsa general-keys modulus 1024

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有