Table of Contents
Advertisement
Command Reference Guide
Violation Type
Time-Server
Logging
Domain Lookup
Interfaces
Enable Password
Banner
TCL Scripts
Usage Examples
The following example initiates the security audit and saves the results to a log file in flash memory:
>enable
#run audit security log
Audit Complete
60000CRG0-35E
Severity Description
High
Indicates the time server (SNTP or NTP) is not configured or is
configured but not synchronized. It is important to have a valid
timestamp on all logs generated by the system.
Medium
Indicates user activity is not being logged. User activity should be
logged either by enabling syslog or TACACS+ accounting. (The
syslog can be enabled by using the logging forwarding on
command.)
Medium
Indicates ip domain-lookup is enabled but a DNS server has not
been configured. This allows DNS requests to be broadcast.
Medium
Identifies the following interface vulnerabilities:
•
The ip directed-broadcast is enabled which could make an
interface vulnerable to denial of service attacks.
•
A static ACL assigned to an interface. A more secure option is to
enable the firewall and assign an ACP.
Low
Indicates the enable password is not set for MD5 encryption. MD5
encryption is more secure than standard password encryption.
Low
Indicates the default executive banner is still set. It is recommended
that a custom banner be displayed when a user attempts to login.
The banner warns of the legal consequences of unauthorized
access to the unit.
Low
Indicates Tcl scripting is enabled. Scripts could cause damage to
configuration of the unit.
Copyright © 2012 ADTRAN, Inc.
Enable Mode Command Set
411
- Quick Links:
- Basic Mode Command Set
Hide quick links:
Advertisement
Table of Contents
