Routing Knowledge: Summary of the Cisco Router auto secure Command_派派后花园

mmwwee, posted 2007-09-02
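The router command auto secure is convenient to use, and it can disable some insecure services and enable some secure ones. Here is a summary of this command.

The summary is as follows: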


1. Disables some insecure global services, as follows:

Finger

PAD

Small Servers

Bootp

HTTP service

Identification Service

CDP

NTP

Source Routing


2. Enables some global security services, as follows:

Password-encryption service

Tuning of scheduler interval/allocation

TCP synwait-time

TCP-keepalives-in and tcp-keepalives-out

SPD configuration

No ip unreachables for null 0


3. Disables some insecure services on interfaces, as follows:

ICMP

Proxy-Arp

Directed Broadcast

Disables MOP service

Disables icmp unreachables

Disables icmp mask reply messages.


4. Provides logging security, as follows:

Enables sequence numbers & timestamp

Provides a console log

Sets log buffered size

Provides an interactive dialogue to configure the logging server ip address.


5. Secures access to the router, as follows:

Checks for a banner and provides facility to add text to automatically configure:

Login and password

Transport input & output

Exec-timeout

Local AAA

SSH timeout and ssh authentication-retries to minimum number

Enable only SSH and SCP for access and file transfer to/from the router


6. Secures the Forwarding Plane

Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available

Anti-spoofing

Blocks all IANA reserved IP address blocks

Blocks private address blocks if customer desires

Installs a default route to NULL 0, if a default route is not being used

Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image

Enables NetFlow on software forwarding platforms
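
As an added example (not part of the original post), the Python script below checks an IOS configuration for the items listed in sections 1 to 3 and reports those not explicitly in the hardened state. The command strings chosen for each item, the sample configuration and the function names are assumptions of this example; NTP, the scheduler, synwait-time and SPD items are left out.

```python
# Added example (not from the original post). Item names follow the post's
# sections 1-3; the IOS command spelling for each item is the editor's mapping.
OFF_GLOBAL = {"Finger": "ip finger", "PAD": "service pad", "CDP": "cdp run",
              "TCP small servers": "service tcp-small-servers",
              "UDP small servers": "service udp-small-servers",
              "Bootp": "ip bootp server", "HTTP service": "ip http server",
              "Identification Service": "ip identd",
              "Source Routing": "ip source-route"}
ON_GLOBAL = {"Password-encryption": "service password-encryption",
             "TCP keepalives in": "service tcp-keepalives-in",
             "TCP keepalives out": "service tcp-keepalives-out"}
OFF_IFACE = {"Proxy-Arp": "ip proxy-arp", "MOP": "mop enabled",
             "Directed Broadcast": "ip directed-broadcast",
             "ICMP unreachables": "ip unreachables",
             "ICMP mask reply": "ip mask-reply"}
# Constructed sample config, not taken from a real device.
SAMPLE = """no service pad
service password-encryption
ip http server
no cdp run
interface FastEthernet0/0
 no ip proxy-arp
 ip directed-broadcast
"""

def split_config(text):
    """Split config text into global lines and per-interface line sets."""
    glob, ifaces, cur = set(), {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            cur = None
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], set())
        elif line.startswith(" ") and cur is not None:
            cur.add(line.strip())
        else:
            cur = None
            glob.add(line.strip())
    return glob, ifaces

def state(lines, cmd):
    """'off'/'on' when stated explicitly, else 'default': IOS omits default
    settings from the config, and defaults differ between releases."""
    return "off" if "no " + cmd in lines else "on" if cmd in lines else "default"

def audit(text):
    """Return (scope, item, state) for each item not explicitly hardened."""
    glob, ifaces = split_config(text)
    checks = [("global", glob, OFF_GLOBAL, "off"), ("global", glob, ON_GLOBAL, "on")]
    checks += [(name, lines, OFF_IFACE, "off") for name, lines in ifaces.items()]
    return [(scope, item, state(lines, cmd)) for scope, lines, table, want in checks
            for item, cmd in table.items() if state(lines, cmd) != want]
```

Calling `audit(SAMPLE)` returns the list of findings. A state of `default` means the line is absent from the configuration, so the effective setting has to be confirmed against the defaults of the IOS release in use.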
