首 页 | 兆通产品部 | 兆通工程部 | 兆通维护部 | 兆通销售站 | 天猫店铺 | 技术中心 | 方案中心 | 典型案例 | 兆通论坛
当前页面:首页>>小命令大作用:增加Router的安全
[2009-9-5]
 
     在Router里有这样一条命令:auto secure,这个命令用起来比较方便,而且可以关闭一些不安全的服务和启用一些安全的服务。然后对这个命令做了一个总结。(注:ios版本为:12.3(1)以上才支持使用)

  总结如下:

1、关闭一些全局的不安全服务如下:

  Finger  

  PAD  

  Small Servers  

  Bootp  

  HTTP service  

  Identification Service  

  CDP  

  NTP  

  Source Routing  

  2、开启一些全局的安全服务如下:  

  Password-encryption service  

  Tuning of scheduler interval/allocation  

  TCP synwait-time  

  TCP-keepalives-in and tcp-kepalives-out  

  SPD configuration  

  No ip unreachables for null 0 

  3、关闭接口的一些不安全服务如下:  

  ICMP  

  Proxy-Arp  

  Directed Broadcast  

  Disables MOP service  

  Disables icmp unreachables  

  Disables icmp mask reply messages.  

  4、提供日志安全如下:  

  Enables sequence numbers ×tamp  

  Provides a console log  

  Sets log buffered size  

  Provides an interactive dialogue to configure the logging server ip address.  

  5、保护访问路由器如下:  

  Checks for a banner and provides facility to add text to automatically configure:  

  Login and password  

  Transport input &output  

  Exec-timeout  

  Local AAA  

  SSH timeout and ssh authentication-retries to minimum number  

  Enable only SSH and SCP for access and file transfer to/from the router

  6、保护转发Forwarding Plane  

  Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available

  Anti-spoofing  

  Blocks all IANA reserved IP address blocks  

  Blocks private address blocks if customer desires  

  Installs a default route to NULL 0, if a default route is not being used  

  Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

  Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,


[返回列表]

首页 | 网络工程 | 综合布线 | 安防监控 摄像头 摄像机 | 方案中心 | 技术中心 | TOP | 典型案例
电话:025-83693855
Copyright © 2005-2006 All Rights Reserved
南京总部: 南京市珠江路成贤大厦7楼