Table of Contents
Advertisement
Chapter 24
Security Audit
Enable TCP Keepalives for Inbound Telnet Sessions
Enable TCP Keepalives for Outbound Telnet Sessions
Enable Sequence Numbers and Time Stamps on Debugs
OL-4015-12
Security Audit enables TCP keep alive messages for both inbound and outbound
Telnet
sessions whenever possible. Enabling TCP keep alives causes the router to
generate periodic keep alive messages, letting it detect and drop broken Telnet
connections.
The configuration that will be delivered to the router to enable TCP keep alives
for inbound Telnet sessions is as follows:
service tcp-keepalives-in
This fix can be undone. To learn how, click
Security Audit enables TCP keep alive messages for both inbound and outbound
Telnet
sessions whenever possible. Enabling TCP keep alives causes the router to
generate periodic keep alive messages, letting it detect and drop broken Telnet
connections.
The configuration that will be delivered to the router to enable TCP keep alives
for outbound Telnet sessions is as follows:
service tcp-keepalives-out
This fix can be undone. To learn how, click
Security Audit enables sequence numbers and time stamps on all debug and log
messages whenever possible. Time stamps on debug and log messages indicate
the time and date that the message was generated. Sequence numbers indicate the
sequence in which messages that have identical time stamps were generated.
Knowing the timing and sequence that messages are generated is an important
tool in diagnosing potential attacks.
The configuration that will be delivered to the router to enable time stamps and
sequence numbers is as follows:
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timeout msec
Cisco Router and Security Device Manager 2.5 User's Guide
Undoing Security Audit
Undoing Security Audit
Fix It Page
Fixes.
Fixes.
24-11
Advertisement
Table of Contents
Troubleshooting
