Networks must be secured with a defined security policy and matching
configuration parameters. The perimeter routers must be secured so that
corporate LAN resources are protected from the outside world. Perimeter
security comes in different forms. If you have a small network with only one
router separating you from the rest of the world, securing that perimeter
router becomes imperative, because it is what protects your internal
resources.
Here is an example of how to disable insecure and unnecessary services, enable TCP keepalives and restrict remote access to SSH via commands:
Router(config)# no cdp run
Router(config)# no service tcp-small-servers
Router(config)# no service udp-small-servers
Router(config)# no ip finger
Router(config)# no ip identd
Router(config)# no service finger
Router(config)# no ip source-route
Router(config)# no ftp-server enable
Router(config)# no ip http server
Router(config)# no ip http secure-server
Router(config)# no snmp-server community public RO
Router(config)# no snmp-server community private RW
Router(config)# no snmp-server enable traps
Router(config)# no snmp-server system-shutdown
Router(config)# no snmp-server trap-auth
Router(config)# no snmp-server
Router(config)# no ip domain-lookup
Router(config)# no ip bootp server
Router(config)# no service dhcp
Router(config)# no service pad
Router(config)# no boot network
Router(config)# no service config
Router(config)# interface ethernet 0
Router(config-if)# no ip proxy-arp
Router(config-if)# no ip directed-broadcast
Router(config-if)# no ip unreachables
Router(config-if)# no ip redirects
Router(config-if)# no ip mask-reply
Router(config-if)# exit
Router(config)# interface ethernet 1
Router(config-if)# no ip proxy-arp
Router(config-if)# no ip directed-broadcast
Router(config-if)# no ip unreachables
Router(config-if)# no ip redirects
Router(config-if)# no ip mask-reply
Router(config-if)# exit
Router(config)# service tcp-keepalives-in
Router(config)# service tcp-keepalives-out
Router(config)# username admin1 privilege 15 secret geekboy
Router(config)# hostname Bullmastiff
Bullmastiff(config)# ip domain-name quizware.com
Bullmastiff(config)# crypto key generate rsa
Bullmastiff(config)# line vty 0 4
Bullmastiff(config-line)# login local
Bullmastiff(config-line)# transport input ssh
Bullmastiff(config-line)# transport output ssh
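One way to check a saved configuration against the command list above, as an added example that is not part of the original post. The `sections` and `audit` helpers and the sample config are constructed for illustration, and the check assumes proxy ARP, redirects and unreachables are on by default (defaults vary by IOS release):

```python
import re

# Global lines that must not appear: each enables a service the page turns off.
FORBIDDEN_GLOBAL = [
    r"service (tcp|udp)-small-servers", r"(ip|service) finger", r"ip identd",
    r"ip source-route", r"ftp-server enable", r"ip http (secure-)?server",
    r"snmp-server community (public|private)\b.*", r"ip bootp server", r"service (pad|config)",
]
# Assumption: these are not the default, so the exact line must be present.
REQUIRED = {
    "interface ": ["no ip proxy-arp", "no ip redirects", "no ip unreachables"],
    "line vty ": ["login local", "transport input ssh"],
}

def sections(config):
    """Group a saved config into (header, [indented child lines]) pairs."""
    out = []
    for line in config.splitlines():
        if line[:1].isspace() and out:
            out[-1][1].append(line.strip())   # child of the current section
        elif line.strip() and not line.startswith("!"):
            out.append((line.strip(), []))    # new top-level line or section
    return out

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for header, children in sections(config):
        if any(re.fullmatch(p, header) for p in FORBIDDEN_GLOBAL):
            findings.append(f"global: '{header}' is enabled")
        for prefix, wanted in REQUIRED.items():
            if header.startswith(prefix):
                findings += [f"{header}: missing '{w}'" for w in wanted if w not in children]
    return findings

# Constructed sample config (not from a real device).
SAMPLE = """\
ip http server
snmp-server community public RO
interface Ethernet0
 no ip proxy-arp
 no ip redirects
 no ip unreachables
interface Ethernet1
 no ip proxy-arp
line vty 0 4
 login local
 transport input telnet ssh
"""
```

Calling `audit(SAMPLE)` reports the HTTP server, the public SNMP community, the two missing lines on Ethernet1 and the VTY lines that still accept Telnet.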
Very lengthy but informative article. You mentioned lots of information in your article. I like your article. I discussed all the above information with my friend circle also. They are also very impressed by your article.