Harden your cisco router
by Rootadmin on Jul.18, 2009, under Cisco
| Command | Description |
|---|---|
| no ip tcp-small-servers | If you disable the minor TCP/IP servers, access to the Echo, Discard, Chargen, and Daytime ports causes the Cisco IOS® software to send a TCP RESET packet to the sender and discard the original incoming packet. |
| no ip udp-small-servers | If you disable the minor UDP servers, access to the Echo, Discard, and Chargen ports causes the Cisco IOS® software to send an "ICMP port unreachable" message to the sender and discard the original incoming packet. |
| no ip bootp server | This will send an ICMP port unreachable message to the sender and discard the original incoming packet. |
| no service finger | This is the equivalent of a remote show users command; disable it. |
| no ip source-route | Disallow IP source routing. |
| no ip identd | IP identd returns accurate information about the host's TCP ports; disable this. |
| no ip http server | This is very important considering the IOS® HTTP Authorization vulnerability. This removes the ability to use HTTP to manage Cisco devices. |
| no ip http secure-server | This is very important considering the IOS® HTTP Authorization vulnerability. This removes the ability to use HTTPS to manage Cisco devices. |
| no cdp run | Prevents reconnaissance against your network. |
| ntp disable | If you need to run NTP, run NTP securely. |
| (config-if) shutdown | Shut down all unused interfaces. |
| (config-if) no ip proxy-arp | This prevents internal addresses from being revealed. |
| (config-if) no ip directed-broadcast | Apply this to all interfaces that shouldn't forward legitimate directed broadcasts. |
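The table is easy to apply once but hard to keep applied across a fleet, so the following added example (not part of the original post) audits a saved running-config against these hardening lines. It splits the config into global lines and per-interface blocks, reports each expected "no ..." line that is absent, flags services that are explicitly enabled, and points out interfaces that carry no IP address yet are not shut down. The sample config, the hostname, and the interface names are constructed for the example; the script assumes the config was captured with "show running-config all" so that default settings are printed explicitly, since a missing "no ..." line in a plain "show running-config" may simply be an unshown default.

```python
"""Audit a saved Cisco IOS running-config against the hardening lines above.

Added example, not from the original post. Assumes the config was captured
with 'show running-config all' so that defaults appear as explicit lines.
"""
import re

# Global-mode lines expected verbatim (hyphenation follows IOS syntax).
GLOBAL_EXPECTED = [
    "no ip tcp-small-servers",
    "no ip udp-small-servers",
    "no ip bootp server",
    "no service finger",
    "no ip source-route",
    "no ip identd",
    "no ip http server",
    "no ip http secure-server",
    "no cdp run",
]

# Interface-mode lines expected on every interface that is not shut down.
INTERFACE_EXPECTED = [
    "no ip proxy-arp",
    "no ip directed-broadcast",
]

# Explicit positive lines that show a service has been turned on.
GLOBAL_FORBIDDEN = [
    "ip http server",
    "ip http secure-server",
    "cdp run",
    "service finger",
]

# Constructed sample config: HTTPS management and CDP left on, Fa0/1 unused but up.
SAMPLE_CONFIG = """!
version 12.4
no service finger
!
hostname edge-rtr
!
no ip tcp-small-servers
no ip udp-small-servers
no ip bootp server
no ip source-route
no ip identd
no ip http server
ip http secure-server
cdp run
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
 no ip directed-broadcast
!
interface FastEthernet0/1
 no ip address
 no ip proxy-arp
!
line vty 0 4
 transport input ssh
!
end
"""


def parse_config(text):
    """Return (global_lines, {interface_name: [child lines]}) for an IOS config."""
    global_lines = []
    interfaces = {}
    current = None  # name of the interface block being read, if any
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None  # '!' and blank lines end a section
            continue
        if line.startswith(" "):
            # Indented line: a child of the current block. Only interface
            # children matter for this audit; other blocks (line vty ...) are skipped.
            if current is not None:
                interfaces[current].append(line.strip())
            continue
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a list of (scope, command, reason) findings; empty means hardened."""
    global_lines, interfaces = parse_config(text)
    gset = set(global_lines)
    findings = []
    for cmd in GLOBAL_EXPECTED:
        if cmd not in gset:
            findings.append(("global", cmd, "hardening line missing"))
    for cmd in GLOBAL_FORBIDDEN:
        if cmd in gset:
            findings.append(("global", cmd, "service explicitly enabled"))
    for name, children in interfaces.items():
        cset = set(children)
        if "shutdown" in cset:
            continue  # a shut interface needs no further checks
        if not any(c.startswith("ip address") for c in children):
            findings.append((name, "shutdown", "no IP address but not shut down; unused?"))
        for cmd in INTERFACE_EXPECTED:
            if cmd not in cset:
                findings.append((name, cmd, "hardening line missing"))
    return findings


if __name__ == "__main__":
    for scope, cmd, reason in audit(SAMPLE_CONFIG):
        print(f"{scope:16} {cmd:28} {reason}")
```

Running the script against the sample prints six findings: the missing "no ip http secure-server" and "no cdp run" lines, the explicitly enabled "ip http secure-server" and "cdp run", and two findings on FastEthernet0/1 (not shut down despite having no address, and missing "no ip directed-broadcast"). Feed it the output of "show running-config all" from a real device instead of SAMPLE_CONFIG to audit that device.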