Saturday, October 31, 2009

Security Services

Went through sdm one-touch lockdown, and scanned with nmap. Also used cli's autosecure mechanism. Both actually work pretty nicely. Then did a brief "Services" lab where the portfolio had me disable services globally, and on an interface. Here is the code:


Router(config)#no ip finger
Router(config)#no service udp-small-servers
Router(config)#no service tcp-small-servers
Router(config)#service tcp-keepalives-in
Router(config)#service tcp-keepalives-out
Router(config)#no cdp run
Router(config)#no service pad
Router(config)#no ip bootp server
Router(config)#no ip http server
Router(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

*Mar 1 07:06:02.235: %SSH-5-ENABLED: SSH 1.99 has been enabled

Router(config)#no ip source-route
Router(config)#no ip gratuitous-arps
Router(config)#int fa0/0
Router(config-if)#no ip redirects
Router(config-if)#no ip proxy-arp
Router(config-if)#no ip unreachables
Router(config-if)#no ip directed-broadcast
Router(config-if)#no ip mask-reply
Router(config-if)#no mop enabled


Read about what each of these items was in the book. Hopefully I can use this page as notes later to quiz myself. LAB 5-3 ISCW portfolio

No comments:

Post a Comment