huixinkeji 2008-7-21 15:32
小命令大作用:增加Router的安全
[align=center]小命令大作用:增加Router的安全[/align]
在Router里有这样一条命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:ios版本为:12.3(1)以上才支持使用)
总结如下:
[b]1、关闭一些全局的不安全服务如下:[/b]
Finger
PAD
Small Servers
Bootp
HTTP service
Identification Service
CDP
NTP
Source Routing
[b] 2、开启一些全局的安全服务如下: [/b]
Password-encryption service
Tuning of scheduler interval/allocation
TCP synwait-time
TCP-keepalives-in and tcp-kepalives-out
SPD configuration
No ip unreachables for null 0
[b] 3、关闭接口的一些不安全服务如下: [/b]
ICMP
Proxy-Arp
Directed Broadcast
Disables MOP service
Disables icmp unreachables
Disables icmp mask reply messages.
[b] 4、提供日志安全如下:[/b]
Enables sequence numbers ×tamp
Provides a console log
Sets log buffered size
Provides an interactive dialogue to configure the logging server ip address.
[b] 5、保护访问路由器如下: [/b]
Checks for a banner and provides facility to add text to automatically configure:
Login and password
Transport input &output
Exec-timeout
Local AAA
SSH timeout and ssh authentication-retries to minimum number
Enable only SSH and SCP for access and file transfer to/from the router
[b]6、保护转发Forwarding Plane [/b]
Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
Anti-spoofing
Blocks all IANA reserved IP address blocks
Blocks private address blocks if customer desires
Installs a default route to NULL 0, if a default route is not being used
Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,
xiaosa5053 2008-9-11 11:20
有些东西可不能乱关,建议不懂的别乱关~~!
pengwf1982 2008-9-12 11:59
学习了~~~~~
happy-idiot 2008-10-3 21:24
还不懂!!!还需要学习!!!!
kikakikaka 2008-10-12 08:25
怎么进入不了。。
zhaow139 2008-10-12 19:49
不错,学习了。谢谢楼主
