auto secure命令的使用

 更新时间:2007年09月19日 10:23:20   作者:  


"
    在路由器试用了一个命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:好像ios版本为:12.3(1)以上才支持使用)

  总结如下:
  1、关闭一些全局的不安全服务如下:
  Finger
  PAD
  Small Servers
  Bootp
  HTTP service
  Identification Service
  CDP
  NTP
  Source Routing

  2、开启一些全局的安全服务如下:
  Password-encryption service
  Tuning of scheduler interval/allocation
  TCP synwait-time
  TCP-keepalives-in and tcp-kepalives-out
  SPD configuration
  No ip unreachables for null 0

  3、关闭接口的一些不安全服务如下:
  ICMP
  Proxy-Arp
  Directed Broadcast
  Disables MOP service
  Disables icmp unreachables
  Disables icmp mask reply messages.

  4、提供日志安全如下:
  Enables sequence numbers & timestamp
  Provides a console log
  Sets log buffered size
  Provides an interactive dialogue to configure the logging server ip address.

  5、保护访问路由器如下:
  Checks for a banner and provides facility to add text to automatically configure:
  Login and password
  Transport input & output
  Exec-timeout
  Local AAA
  SSH timeout and ssh authentication-retries to minimum number
  Enable only SSH and SCP for access and file transfer to/from the router

  6、保护转发Forwarding Plane
  Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
  Anti-spoofing
  Blocks all IANA reserved IP address blocks
  Blocks private address blocks if customer desires
  Installs a default route to NULL 0, if a default route is not being used
  Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
  Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,
  Enables NetFlow on software forwarding platforms 文章录入:csh    责任编辑:csh 

相关文章

最新评论