Disable Ip Identification Service; Disable Cdp - Cisco ROUTER-SDM-CD User Manual

Chapter 24
Security Audit

Disable IP Identification Service

Disable CDP

OL-4015-12
The configuration that will be delivered to the router to disable BOOTP is as
follows:
no ip bootp server
This fix can be undone. To learn how, click Undoing Security Audit Fixes.
Security Audit disables identification support whenever possible. Identification
support allows you to query a TCP port for identification. This feature enables an
insecure protocol to report the identity of a client initiating a TCP connection and
a host responding to the connection. With identification support, you can connect
to a TCP port on a host, issue a simple text string to request information, and receive
a simple text-string reply.
It is dangerous to allow any system on a directly connected segment to learn that
the router is a Cisco device and to determine the model number and the Cisco IOS
software version being run. This information may be used to design attacks
against the router.
The configuration that will be delivered to the router to disable the IP
identification service is as follows:
no ip identd
This fix can be undone. To learn how, click Undoing Security Audit Fixes.
Security Audit disables Cisco Discovery Protocol (CDP) whenever possible. CDP
is a proprietary protocol that Cisco routers use to identify each other on a LAN
segment. This is dangerous in that it allows any system on a directly connected
segment to learn that the router is a Cisco device and to determine the model
number and the Cisco IOS software version being run. This information may be
used to design attacks against the router.
The configuration that will be delivered to the router to disable CDP is as follows:
no cdp run
This fix can be undone. To learn how, click Undoing Security Audit Fixes.
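
The three checks on this page (BOOTP server, IP identification, CDP) can be reproduced offline against a saved running-config. This is an added example, not part of the Cisco manual or SDM's own code; the audit function, the sample configurations, and the treatment of IOS defaults (BOOTP server and CDP on unless negated, identd off unless configured) are assumptions.

```python
# Added example: offline check of a saved running-config for the three
# services this page disables. Not SDM code.

# service name -> (global command, assumed IOS default state).
# Assumption: running-config omits defaults, so BOOTP server and CDP count as
# enabled unless their "no" form is present; identd counts as enabled only
# when "ip identd" is present.
CHECKS = {
    "BOOTP server": ("ip bootp server", True),
    "IP identification (identd)": ("ip identd", False),
    "CDP": ("cdp run", True),
}

def audit(running_config):
    """Return {service: fix command, or None if already disabled}."""
    # Only unindented lines are global configuration; indented lines belong
    # to an interface or other sub-mode and do not change the global state.
    global_lines = set()
    for raw in running_config.splitlines():
        if raw and not raw[0].isspace() and not raw.startswith("!"):
            global_lines.add(" ".join(raw.split()).lower())
    findings = {}
    for name, (cmd, default_on) in CHECKS.items():
        negated = f"no {cmd}" in global_lines
        enabled = cmd in global_lines or (default_on and not negated)
        findings[name] = f"no {cmd}" if enabled else None
    return findings

# Constructed sample: identd turned on, CDP disabled on one interface only.
SAMPLE_BEFORE = """\
hostname R1
!
ip identd
!
interface FastEthernet0/0
 no cdp enable
"""

# Constructed sample: configuration after the fixes on this page.
SAMPLE_AFTER = """\
hostname R1
!
no ip bootp server
no cdp run
"""

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for service, fix in audit(cfg).items():
            print(f"{label:6} {service:28} {'FIX: ' + fix if fix else 'ok'}")
```

The interface-level "no cdp enable" in the first sample does not satisfy the check, because the page's fix is the global "no cdp run".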
Cisco Router and Security Device Manager 2.5 User's Guide
Fix It Page
