Router(config)#service tcp-keepalives-in Allows a router to detect
when the host with which
it is communicating
experiences a failure
Router(config)#service tcp-keepalives-out Allows a router to detect
when the host with which
it is communicating
experiences a failure
NOTE: TCP keepalives
are sent once every
minute and connection
is closed if no keepalives
are detected after
5 minutes.
76 Locking Down Routers with AutoSecure
Gratuitous and Proxy Address Resolution Protocol
Disabling IP Directed Broadcasts
Locking Down Routers with AutoSecure
AutoSecure is a single privileged EXEC program that allows you to eliminate many
potential security threats quickly and easily. AutoSecure helps to make you more ef?¬?cient
at securing Cisco routers. Cisco AutoSecure is available in Cisco IOS Software Major
Release 12.3 and subsequent 12.3 T releases for the Cisco 800, 1700, 2600, 3600, 3700,
7200, and 7500 Series routers.
Router(config)#no ip gratuitous-arps Instructs the router to not
generate gratuitous ARPs
for PPP/SLIP peer
addresses
Router(config)#interface serial 0/0/1 Moves to interface
con?¬?guration mode
Router(config)#no ip proxy-arp Disables proxy ARP on
the speci?¬?ed interface
Router(config)#interface gigabitethernet 0/0 Moves to interface
con?¬?guration mode
Router(config-if)#no ip directed-broadcast Speci?¬?es that directed
broadcasts destined for the
subnet to which that
interface is attached will
be dropped, rather than
being broadcast
Locking Down Routers with AutoSecure 77
2821Router#auto secure Enters AutoSecure
con?¬?guration mode
--- AutoSecure Configuration ---
*** AutoSecure configuration enhances the
security of
the router, but it will not make it absolutely
resistant
to all security attacks ***
AutoSecure will modify the configuration of
your device.
Pages:
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77