Table of Contents
Advertisement
Fix It Page
Enable IP CEF
Disable IP Gratuitous ARPs
Set Minimum Password Length to Less Than 6 Characters
Cisco Router and Security Device Manager Version 2.2 User's Guide
16-12
service sequence-numbers
Security Audit enables Cisco Express Forwarding (CEF) or Distributed Cisco
Express Forwarding (DCEF) whenever possible. Because there is no need to build
cache entries when traffic starts arriving at new destinations, CEF behaves more
predictably than other modes when presented with large volumes of traffic
addressed to many destinations. Routes configured for CEF perform better under
SYN attacks than routers using the traditional cache.
The configuration that will be delivered to the router to enable CEF is as follows:
ip cef
Security Audit disables IP gratuitous Address Resolution Protocol (ARP) requests
whenever possible. A gratuitous ARP is an ARP broadcast in which the source
and destination MAC addresses are the same. It is used primarily by a host to
inform the network about its IP address. A spoofed gratuitous ARP message can
cause network mapping information to be stored incorrectly, causing network
malfunction.
To disable gratuitous ARPs, the following configuration will be delivered to the
router:
no ip gratuitous-arps
This fix can be undone. To learn how, click
Security Audit configures your router to require a minimum password length of
six characters whenever possible. One method attackers use to crack passwords is
to try all possible combinations of characters until the password is discovered.
Longer passwords have exponentially more possible combinations of characters,
making this method of attack much more difficult.
Chapter 16
Undoing Security Audit
Security Audit
Fixes.
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
