The router has a command called auto secure. It is convenient to use: it disables a number of insecure services and enables a number of security-related ones. Below is a summary of what the command does. (Note: it is supported only on IOS version 12.3(1) and later.)

Summary:

1. Disables the following insecure global services:

- Finger
- PAD
- Small Servers
- Bootp
- HTTP service
- Identification Service
- CDP
- NTP
- Source Routing

2. Enables the following global security services:

- Password-encryption service
- Tuning of scheduler interval/allocation
- TCP synwait-time
- TCP-keepalives-in and tcp-keepalives-out
- SPD configuration
- No ip unreachables for null 0

3. Disables the following insecure services on interfaces:

- ICMP
- Proxy-Arp
- Directed Broadcast
- Disables MOP service
- Disables ICMP unreachables
- Disables ICMP mask reply messages

4. Provides logging for security:

- Enables sequence numbers & timestamp
- Provides a console log
- Sets log buffered size
- Provides an interactive dialogue to configure the logging server IP address

5. Secures access to the router:

- Checks for a banner and provides facility to add text to automatically configure:
- Login and password
- Transport input & output
- Exec-timeout
- Local AAA
- SSH timeout and SSH authentication-retries to minimum number
- Enable only SSH and SCP for access and file transfer to/from the router

6. Secures the forwarding plane:

- Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
- Anti-spoofing
- Blocks all IANA reserved IP address blocks
- Blocks private address blocks if customer desires
- Installs a default route to NULL 0, if a default route is not being used
- Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
- Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image
- Enables NetFlow on software forwarding platforms
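To check whether a router's configuration reflects part of the list above, the following audit script compares a running-config against some of the global and per-interface items. It is an added example, not part of the original post: the mapping from list items to IOS configuration lines, the rule that the "no" forms must appear explicitly, and the sample configuration are assumptions of the example.

```python
# Assumption of this example: a hardened config states these lines explicitly,
# because the services they govern are on by default in many IOS releases.
REQUIRED_GLOBAL = ["no service pad", "no ip bootp server", "no ip http server",
                   "no cdp run", "no ip source-route", "service password-encryption"]
# Default-off services: the line only appears when someone has enabled them.
FORBIDDEN_GLOBAL = ["service finger", "ip finger", "service tcp-small-servers",
                    "service udp-small-servers", "ip identd"]
REQUIRED_IFACE = ["no ip redirects", "no ip unreachables", "no ip proxy-arp"]
FORBIDDEN_IFACE = ["ip directed-broadcast", "ip mask-reply"]

def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, ifaces, current = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue                              # blank line or "!" separator
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], [])
        elif not line.startswith(" "):            # any other top-level command
            current = None
            global_lines.append(line.strip())
        elif current is not None:                 # sub-command of an interface
            current.append(line.strip())
    return global_lines, ifaces

def audit(config):
    """Return (scope, finding) tuples where the config departs from the lists."""
    global_lines, ifaces = parse(config)
    out = [("global", f"missing: {w}") for w in REQUIRED_GLOBAL if w not in global_lines]
    out += [("global", f"present: {b}") for b in FORBIDDEN_GLOBAL if b in global_lines]
    for name, lines in ifaces.items():
        out += [(name, f"missing: {w}") for w in REQUIRED_IFACE if w not in lines]
        out += [(name, f"present: {b}") for b in FORBIDDEN_IFACE
                if any(l.startswith(b) for l in lines)]
    return out

# Constructed sample running-config, not taken from a real device.
SAMPLE = """\
service password-encryption
no service pad
service finger
interface FastEthernet0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
interface Serial0/0
 no ip redirects
 ip directed-broadcast
"""
```

Calling `audit(SAMPLE)` returns one tuple per deviation, scoped either to `global` or to the interface name, so the output can be fed into a report or a compliance check.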