The router command auto secure is convenient to use: it disables a number of insecure services and enables a number of security services. This post summarizes what the command does. (Note: it is supported only on IOS 12.3(1) and later.)

Summary:

1. Disables the following insecure global services:
- Finger
- PAD
- Small Servers
- Bootp
- HTTP service
- Identification Service
- CDP
- NTP
- Source Routing

2. Enables the following global security services:
- Password-encryption service
- Tuning of scheduler interval/allocation
- TCP synwait-time
- TCP-keepalives-in and tcp-keepalives-out
- SPD configuration
- No ip unreachables for null 0

3. Disables the following insecure services on interfaces:
- ICMP
- Proxy-Arp
- Directed Broadcast
- Disables MOP service
- Disables icmp unreachables
- Disables icmp mask reply messages

4. Provides logging security:
- Enables sequence numbers & timestamp
- Provides a console log
- Sets log buffered size
- Provides an interactive dialogue to configure the logging server ip address

5. Secures access to the router:
- Checks for a banner and provides facility to add text to automatically configure:
  - Login and password
  - Transport input & output
  - Exec-timeout
  - Local AAA
  - SSH timeout and ssh authentication-retries to minimum number
  - Enable only SSH and SCP for access and file transfer to/from the router

6. Secures the forwarding plane:
- Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
- Blocks all IANA reserved IP address blocks
- Blocks private address blocks if customer desires
- Installs a default route to NULL 0, if a default route is not being used
- Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
- Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image
- Enables NetFlow on software forwarding platforms
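To check whether an existing configuration already reflects the global and per-interface items summarized above, the following added example (not part of the original post) audits running-config text for the corresponding IOS commands. The command strings are standard IOS CLI that the post itself does not list, and the sample configuration is constructed; a line reported as missing means "verify on the device", because IOS omits default settings from the running-config and defaults vary by release.

```python
GLOBAL_EXPECTED = [  # sections 1 and 2 (NTP, scheduler, synwait-time, SPD not checked)
    "no service finger", "no service pad", "no service tcp-small-servers",
    "no service udp-small-servers", "no ip bootp server", "no ip http server",
    "no ip identd", "no cdp run", "no ip source-route",
    "service password-encryption", "service tcp-keepalives-in", "service tcp-keepalives-out",
]
INTERFACE_EXPECTED = [  # section 3, checked separately on every interface
    "no ip redirects", "no ip proxy-arp", "no ip directed-broadcast",
    "no mop enabled", "no ip unreachables", "no ip mask-reply",
]

def parse(config):
    """Split a running-config into global lines and per-interface line sets."""
    global_lines, interfaces, current = set(), {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), set())
        elif line[0] == " " and current is not None:
            current.add(line.strip())  # indented line belongs to the open interface
        else:
            current = None  # anything else is outside an interface block
            global_lines.add(line.strip())
    return global_lines, interfaces

def audit(config):
    """Map each scope to the expected lines that are not present in it."""
    global_lines, interfaces = parse(config)
    report = {"global": [c for c in GLOBAL_EXPECTED if c not in global_lines]}
    for name, lines in interfaces.items():
        report[name] = [c for c in INTERFACE_EXPECTED if c not in lines]
    return report

# Constructed sample running-config (documentation address range).
SAMPLE_CONFIG = """\
service password-encryption
no service pad
no ip source-route
!
interface GigabitEthernet0/0
 no ip redirects
 no ip proxy-arp
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```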
Original article: http://9052731.blog.51cto.com/9042731/1431440