知识屋:更实用的电脑技术知识网站
所在位置:首页 > 网络安全 > 技术文献

分析一条Cisco路由器的安全命令

发布时间:2011-06-26 06:25:14作者:知识屋

前两天在路由器试用了一个命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:好像ios版本为:12.3(1)以上才支持使用)

  总结如下:

  1、关闭一些全局的不安全服务如下:

  Finger

  PAD

  Small Servers

  Bootp

  HTTP service

  Identification Service

  CDP

  NTP

  Source Routing

  2、开启一些全局的安全服务如下:

  Password-encryption service

  Tuning of scheduler interval/allocation

  TCP synwait-time

  TCP-keepalives-in and tcp-kepalives-out

  SPD configuration

  No ip unreachables for null 0

 
3、关闭接口的一些不安全服务如下:
  ICMP

  Proxy-Arp

  Directed Broadcast

  Disables MOP service

  Disables icmp unreachables

  Disables icmp mask reply messages.

  4、提供日志安全如下:

  Enables sequence numbers & timestamp

  Provides a console log

  Sets log buffered size

  Provides an interactive dialogue to configure the logging server ip address.

  5、保护访问路由器如下:

  Checks for a banner and provides facility to add text to automatically configure:

  Login and password

  Transport input & output

  Exec-timeout

  Local AAA

  SSH timeout and ssh authentication-retries to minimum number

  Enable only SSH and SCP for access and file transfer to/from the router

  6、保护转发Forwarding Plane

  Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available

  Anti-spoofing

  Blocks all IANA reserved IP address blocks

  Blocks private address blocks if customer desires

  Installs a default route to NULL 0, if a default route is not being used

  Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

  Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

  Enables NetFlow on software forwarding platforms

(免责声明:文章内容如涉及作品内容、版权和其它问题,请及时与我们联系,我们将在第一时间删除内容,文章内容仅供参考)
收藏
  • 人气文章
  • 最新文章
  • 下载排行榜
  • 热门排行榜