Cisco路由器auto secure命令小结

1/5/2008来源:路由技术人气:2352

    路由器命令auto secure用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。这里对这个命令做了一个总结。(注:ios版本为:12.3(1)以上才支持使用)

    总结如下:

    1、关闭一些全局的不安全服务如下:

    Finger

    PAD

    Small Servers

    Bootp

    HTTP service

    Identification Service

    CDP

    NTP

    Source Routing

    2、开启一些全局的安全服务如下:

    PassWord-encryption service

    Tuning of scheduler interval/allocation

    TCP synwait-time

    TCP-keepalives-in and tcp-kepalives-out

    SPD configuration

    No ip unreachables for null 0

    3、关闭接口的一些不安全服务如下:

    ICMP

    PRoxy-Arp

    Directed Broadcast

    Disables MOP service

    Disables icmp unreachables

    Disables icmp mask reply messages.

    4、提供日志安全如下:

    Enables sequence numbers & timestamp

    Provides a console log

    Sets log buffered size

    Provides an interactive dialogue to configure the logging server ip address.

    5、保护访问路由器如下:

    Checks for a banner and provides facility to add text to automatically configure:

    Login and password

    Transport input & output

    Exec-timeout

    Local AAA

    SSH timeout and ssh authentication-retries to minimum number

    Enable only SSH and SCP for access and file transfer to/from the router

    6、保护转发Forwarding Plane

    Enables Cisco EXPress Forwarding (CEF) or distributed CEF on the router, when available


    Anti-spoofing

    Blocks all IANA reserved IP address blocks

    Blocks private address blocks if customer desires

    Installs a default route to NULL 0, if a default route is not being used

    Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

    Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

    Enables NetFlow on software forwarding platforms