总结如下:
1、关闭一些全局的不安全服务如下:
字串4
Finger
PAD 字串4
Small Servers
字串7
Bootp
字串2
HTTP service
字串2
Identification Service
CDP
字串5
NTP
Source Routing 字串5
2、开启一些全局的安全服务如下:
字串4
Password-encryption service 字串6
Tuning of scheduler interval/allocation
字串5
TCP synwait-time 字串4
TCP-keepalives-in and tcp-kepalives-out 字串8
SPD configuration 字串5
No ip unreachables for null 0
3、关闭接口的一些不安全服务如下: 字串2
ICMP
字串4
Proxy-Arp 字串4
Directed Broadcast 字串4
Disables MOP service
Disables icmp unreachables
Disables icmp mask reply messages.
4、提供日志安全如下: 字串9
Enables sequence numbers & timestamp
字串9
Provides a console log
Sets log buffered size 字串1
Provides an interactive dialogue to configure the logging server ip address. 字串3
5、保护访问路由器如下: 字串5
Checks for a banner and provides facility to add text to automatically configure: 字串3
Login and password 字串6
Transport input & output
字串6
Exec-timeout
字串8
Local AAA 字串4
SSH timeout and ssh authentication-retries to minimum number 字串1
Enable only SSH and SCP for access and file transfer to/from the router
字串4
6、保护转发Forwarding Plane
字串1
Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
字串4
Anti-spoofing 字串1
Blocks all IANA reserved IP address blocks
字串4
Blocks private address blocks if customer desires
Installs a default route to NULL 0, if a default route is not being used
Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested 字串9
Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image, 字串3
Enables NetFlow on software forwarding platforms
字串6