Chapter 16
Security Audit
One-Step Lockdown
OL-4015-08
This option tests your router configuration for potential security problems and
automatically makes any configuration changes necessary to correct the problems
found. The conditions checked for and, if needed, corrected are as follows:
• Disable Finger Service
• Disable PAD Service
• Disable TCP Small Servers Service
• Disable UDP Small Servers Service
• Disable IP BOOTP Server Service
• Disable IP Identification Service
• Disable CDP
• Disable IP Source Route
• Enable Password Encryption Service
• Enable TCP Keepalives for Inbound Telnet Sessions
• Enable TCP Keepalives for Outbound Telnet Sessions
• Enable Sequence Numbers and Time Stamps on Debugs
• Enable IP CEF
• Disable IP Gratuitous ARPs
• Set Minimum Password Length to Less Than 6 Characters
• Set Authentication Failure Rate to Less Than 3 Retries
• Set TCP Synwait Time
• Set Banner
• Enable Logging
• Set Enable Secret Password
• Disable SNMP
• Set Scheduler Interval
• Set Scheduler Allocate
• Set Users
• Enable Telnet Settings
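To verify offline that a saved running configuration reflects some of the items above, the following added example (not part of SDM or of this guide) audits the global configuration lines of a config file. The mapping from each item to an IOS command is this example's assumption and covers only the simple enable/disable items; "not stated" means neither form of the command appears, so the effective setting depends on the IOS release default and should be reviewed by hand.

```python
# Subset of the One-Step Lockdown items, each mapped to the global IOS line
# expected after hardening (this mapping is the example's assumption).
EXPECTED = {
    "Disable PAD Service": "no service pad",
    "Disable TCP Small Servers Service": "no service tcp-small-servers",
    "Disable UDP Small Servers Service": "no service udp-small-servers",
    "Disable IP BOOTP Server Service": "no ip bootp server",
    "Disable CDP": "no cdp run",
    "Disable IP Source Route": "no ip source-route",
    "Enable Password Encryption Service": "service password-encryption",
    "Enable TCP Keepalives for Inbound Telnet Sessions": "service tcp-keepalives-in",
    "Enable TCP Keepalives for Outbound Telnet Sessions": "service tcp-keepalives-out",
    "Enable IP CEF": "ip cef",
}

def global_lines(config_text):
    """Return unindented (global) lines; indented sub-mode lines and '!' are skipped."""
    found = set()
    for raw in config_text.splitlines():
        if raw and not raw[0].isspace() and not raw.startswith("!"):
            found.add(" ".join(raw.split()))  # normalise internal whitespace
    return found

def opposite(cmd):
    """'no X' <-> 'X': the form that explicitly contradicts the expected line."""
    return cmd[3:] if cmd.startswith("no ") else "no " + cmd

def audit(config_text):
    """Map each item to 'ok', 'violated' (opposite form present) or 'not stated'."""
    lines = global_lines(config_text)
    return {
        item: "ok" if cmd in lines
        else "violated" if opposite(cmd) in lines
        else "not stated"
        for item, cmd in EXPECTED.items()
    }

# Constructed sample configuration, for illustration only.
SAMPLE = """\
!
service password-encryption
no service pad
service tcp-small-servers
interface FastEthernet0/0
 no cdp enable
no ip source-route
ip cef
"""
```

Calling `audit(SAMPLE)` returns a dictionary keyed by item name; only global lines are considered, so the interface-level `no cdp enable` in the sample does not satisfy "Disable CDP".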
Cisco Router and Security Device Manager Version 2.2 User's Guide