Deskripsi
Download ebook Cisco Guide to Harden Cisco IOS Devices
Judul buku: Cisco Guide to Harden Cisco IOS Devices
Bahasa: Inggris
Tebal: 94 halaman
Format buku: PDF
Software: Sumatra PDF Reader
Ukuran: 271KiB
Download: Cisco Guide to Harden Cisco IOS Devices
Konten
Introduction
Prerequisites
Requirements
Components Used
Background Information
Secure Operations
Monitor Cisco Security Advisories and Responses
Leverage Authentication, Authorization, and Accounting
Centralize Log Collection and Monitoring
Use Secure Protocols When Possible
Gain Traffic Visibility with NetFlow
Configuration Management
Management Plane
General Management Plane Hardening
Password Management
Enhanced Password Security
Login Password Retry Lockout
No Service Password-Recovery
Disable Unused Services
EXEC Timeout
Keepalives for TCP Sessions
Management Interface Use
Memory Threshold Notifications
CPU Thresholding Notification
Reserve Memory for Console Access
Memory Leak Detector
Buffer Overflow: Detection and Correction of Redzone Corruption
Enhanced Crashinfo File Collection
Network Time Protocol
Limit Access to the Network with Infrastructure ACLs
ICMP Packet Filtering
Filter IP Fragments
ACL Support for Filtering IP Options
ACL Support to Filter on TTL Value
Secure Interactive Management Sessions
Management Plane Protection
Control Plane Protection
Encrypt Management Sessions
SSHv2
SSHv2 Enhancements for RSA Keys
Console and AUX Ports
Control vty and tty Lines
Control Transport for vty and tty Lines
Warning Banners
Authentication, Authorization, and Accounting
TACACS+ Authentication
Authentication Fallback
Use of Type 7 Passwords
TACACS+ Command Authorization
TACACS+ Command Accounting
Redundant AAA Servers
Fortify the Simple Network Management Protocol
SNMP Community Strings
SNMP Community Strings with ACLs
Infrastructure ACLs
SNMP Views
SNMP Version 3
Management Plane Protection
Logging Best Practices
Send Logs to a Central Location
Logging Level
Do Not Log to Console or Monitor Sessions
Use Buffered Logging
Configure Logging Source Interface
Configure Logging Timestamps
Cisco IOS Software Configuration Management
Configuration Replace and Configuration Rollback
Exclusive Configuration Change Access
Cisco IOS Software Resilient Configuration
Digitally Signed Cisco Software
Configuration Change Notification and Logging
Control Plane
General Control Plane Hardening
IP ICMP Redirects
ICMP Unreachables
Proxy ARP
Limit CPU Impact of Control Plane Traffic
Understand Control Plane Traffic
Infrastructure ACLs
Receive ACLs
Control Plane Policing
Control Plane Protection
Hardware Rate Limiters
Secure BGP
TTL-based Security Protections
BGP Peer Authentication with MD5
Configure Maximum Prefixes
Filter BGP Prefixes with Prefix Lists
Filter BGP Prefixes with Autonomous System Path Access Lists
Secure Interior Gateway Protocols
Routing Protocol Authentication and Verification with Message Digest 5
Passive-Interface Commands
Route Filtering
Routing Process Resource Consumption
Secure First Hop Redundancy Protocols
Data Plane
General Data Plane Hardening
IP Options Selective Drop
Disable IP Source Routing
Disable ICMP Redirects
Disable or Limit IP Directed Broadcasts
Filter Transit Traffic with Transit ACLs
ICMP Packet Filtering
Filter IP Fragments
ACL Support for Filtering IP Options
Anti-Spoofing Protections
Unicast RPF
IP Source Guard
Port Security
Dynamic ARP Inspection
Anti-Spoofing ACLs
Limit CPU Impact of Data Plane Traffic
Features and Traffic Types that Impact the CPU
Filter on TTL Value
Filter on the Presence of IP Options
Control Plane Protection
Traffic Identification and Traceback
NetFlow
Classification ACLs
Access Control with VLAN Maps and Port Access Control Lists
Access Control with VLAN Maps
Access Control with PACLs
Access Control with MAC
Private VLAN Use
Isolated VLANs
Community VLANs
Promiscuous Ports
Conclusion
Acknowledgments
Appendix: Cisco IOS Device Hardening Checklist
Management Plane
Control Plane
Data Plane
