CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)


  • CatOS Switches


    The generic security configuration used within Cisco CatOS switches is described in the following steps:


    Step 1.

    Shut down all unneeded services by issuing the following commands:


    set ip http server disable
    set cdp disable

    Step 2.

    Set passwords and access restrictions. Enable AAA.

    To set passwords, use the following:


    set password
    set enable

    Set access restrictions with the following commands:


    set ip permit enable telnet
    set ip permit management-host-address 255.255.255.255 telnet

    Enable AAA with the following:


    set tacacs server tacacs-server-address
    set tacacs key key
    set authentication login local enable
    set authentication login tacacs enable
    set authorization exec enable tacacs+ none both
    set accounting exec enable start-stop tacacs+

    Step 3.

    Turn on logging and SNMP capability.

    To enable Syslog, use the following commands:


    set logging server syslog_server_address
    set logging timestamp enable

    To enable SNMP, use the following commands:


    set snmp community read-only community-string
    set ip permit enable snmp
    set ip permit management-host-address snmp

    Step 4.

    Enable and secure NTP with these commands:


    set ntp authentication enable
    set ntp key 1 trusted md5 ntp-key
    set ntp trusted-key 1
    set ntp server ntp-server-address key 1
    set ntp client enable

    Step 5.

    Enable the use of a banner message with the following:


    set banner motd #
    Banner Message Text
    #

    Refer to Example B-1 to see a typical banner text message.


    NOTE

    Remember that the commands and configurations shown in this appendix are only examples of generic security hardening on Cisco routers and switches; they by no means define the limits to which these devices can be secured. Other best practices, such as RFC 1918 and RFC 2827 filtering, should also be adopted, along with those detailed in the various SAFE white papers, which you can review at Cisco.com by searching for "SAFE."
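
As an added example (not from the book or from Cisco), the following Python script audits a plain listing of CatOS commands against the Step 1 through Step 5 baseline above and reports what is missing. The finding labels, sample addresses and placeholder secrets are constructed; the input is assumed to be one command per line in the form used in this appendix rather than real `show config` output, and the syslog line is accepted with or without the `server` keyword.

```python
import re
IP = r"\d+(?:\.\d+){3}"
# Baseline from Steps 1-5: finding label -> pattern one config line must match.
REQUIRED = {
    "HTTP server disabled": r"set ip http server disable",
    "CDP disabled globally": r"set cdp disable",
    "Telnet permit list enabled": r"set ip permit enable telnet",
    "SNMP permit list enabled": r"set ip permit enable snmp",
    "TACACS+ server defined": r"set tacacs server \S+.*",
    "TACACS+ key defined": r"set tacacs key \S+",
    "TACACS+ login enabled": r"set authentication login tacacs enable",
    "Syslog server defined": rf"set logging (?:server )?{IP}",
    "Log timestamps enabled": r"set logging timestamp enable",
    "NTP authentication enabled": r"set ntp authentication enable",
    "NTP server bound to a key": r"set ntp server \S+ key \d+",
    "NTP client enabled": r"set ntp client enable",
    "Login banner defined": r"set banner motd \S.*",
}
PERMIT = re.compile(rf"set ip permit ({IP})(?: ({IP}))?(?: (telnet|ssh|snmp))?")

def audit_catos(config):
    """Return baseline findings; a permit entry with no mask counts as one host."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [f"missing: {label}" for label, rx in REQUIRED.items()
                if not any(re.fullmatch(rx, ln) for ln in lines)]
    for ln in lines:
        m = PERMIT.fullmatch(ln)
        if m and m.group(2) not in (None, "255.255.255.255"):
            findings.append(f"wide permit entry: {m.group(1)} {m.group(2)}")
    return findings

# Constructed sample (documentation addresses, placeholder secrets) with three gaps:
# no global CDP disable, an NTP server without a key, and a /24 Telnet permit entry.
SAMPLE = """
set ip http server disable
set ip permit enable telnet
set ip permit 192.0.2.0 255.255.255.0 telnet
set tacacs server 192.0.2.10
set tacacs key PLACEHOLDER-KEY
set authentication login tacacs enable
set logging server 192.0.2.20
set logging timestamp enable
set ip permit enable snmp
set ip permit 192.0.2.5 snmp
set ntp authentication enable
set ntp server 192.0.2.30
set ntp client enable
set banner motd #Authorized use only#
"""
if __name__ == "__main__": print(*audit_catos(SAMPLE), sep="\n")
```

A per-port command such as `set cdp disable 2/1` does not satisfy the global CDP check, because each pattern must match the whole line.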
