整理总结如下:
1、关闭些全局不安全服务如下:
Finger
PAD
Small Servers
Bootp
HTTP service
Identication Service
CDP
NTP
Source Routing
2、开启些全局安全服务如下:
Password-encryption service
Tuning of scheduler erval/allocation
TCP synwait-time
TCP-keepalives-in and tcp-kepalives-out
SPD configuration
No ip unreachables for null 0
3、关闭接口些不安全服务如下:
ICMP
Proxy-Arp
Directed Broadcast
Disables MOP service
Disables icmp unreachables
Disables icmp mask reply messages.
4、提供日志安全如下:
Enables sequence numbers & timestamp
Provides a console log
Sets log buffered size
Provides an eractive dialogue to configure the logging server ip address.
5、保护访问路由器如下:
Checks for a banner and provides facility to add text to automatically configure:
Login and password
Transport input & output
Exec-timeout
Local AAA
SSH timeout and ssh authentication-retries to minimum number
Enable _disibledevent=>
最新评论