321 Studios OL-7141-04 manual Disable Finger Service, Disable PAD Service

Chapter 1 Cisco SDM Express

Supplementary Help

widely used for router monitoring, and frequently for router configuration changes. Version 1 of SNMP, however, which is the most commonly used, is often a security risk for the following reasons:

It uses authentication strings (passwords) called community strings which are stored and sent across the network in plain text.

Most SNMP implementations send those strings repeatedly as part of periodic polling.

It is an easily spoofable, datagram-based transaction protocol.

Because SNMP can be used to retrieve a copy of the network routing table and sensitive network information, we recommend disabling SNMP if your network does not require it. Cisco SDM Express will initially request to disable SNMP.

The configuration that will be delivered to the router to disable SNMP is as follows:

no snmp-server

Disable Finger Service

Cisco SDM Express disables the finger service whenever possible. Finger is used to learn which users are logged into a network device. Although this information is often not highly sensitive, it can sometimes be useful to an attacker.

In addition, the finger service can be used in a specific type of Denial-of-Service (DoS) attack called “Finger of death,” which involves sending a finger request to a specific computer every minute, but never disconnecting.

The configuration that will be delivered to the router to disable the Finger service is as follows:

no service finger

You can undo this fix using the SDM Security Audit feature. For more information, click Cisco Router and Security Device Manager.
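To check a saved running-config for the SNMP and finger settings described above, the following added example (not part of the Cisco manual) flags lines that leave either service enabled and lists the fix lines the manual gives. The sample configuration and community strings are constructed; the `ip finger` spelling and the read-only default for a community with no access keyword are assumptions about IOS that the manual does not state.

```python
# Added example: audit a saved IOS running-config for the two services above.
# SAMPLE_CONFIG is constructed for illustration; community strings are placeholders.
SAMPLE_CONFIG = """\
hostname branch-rtr
service finger
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW view all RW
snmp-server location lab
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.0
"""

FIXES = {"snmp": "no snmp-server", "finger": "no service finger"}  # from the manual


def audit(config):
    """Return (line_number, issue, fix) tuples for SNMP and finger lines left enabled."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        tokens = raw.strip().lower().split()
        if tokens[:2] == ["snmp-server", "community"] and len(tokens) >= 3:
            # Assumption: IOS treats a community with no ro/rw keyword as read-only.
            access = "rw" if "rw" in tokens[3:] else "ro"
            # The community string (tokens[2]) is a plaintext password: never echo it.
            findings.append((number, f"snmp-community-{access}", FIXES["snmp"]))
        elif tokens[:1] == ["snmp-server"]:
            findings.append((number, "snmp-enabled", FIXES["snmp"]))
        elif tokens in (["service", "finger"], ["ip", "finger"]):
            # "ip finger" is the later IOS spelling; the manual shows only "service finger".
            findings.append((number, "finger-enabled", FIXES["finger"]))
    return findings


def remediation(config):
    """Deduplicated fix lines, in the order the issues first appear."""
    return list(dict.fromkeys(fix for _, _, fix in audit(config)))


if __name__ == "__main__":
    for number, issue, fix in audit(SAMPLE_CONFIG):
        print(f"line {number}: {issue} -> {fix}")
    print("deliver:", remediation(SAMPLE_CONFIG))
```

The findings deliberately omit the community string itself, so the audit output can be shared without leaking the plaintext credential.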

Disable PAD Service

Cisco SDM Express disables all packet assembler/disassembler (PAD) commands and connections between PAD devices and access servers whenever possible.

 

 
