Chapter 1 Cisco SDM Express
Supplementary Help
The configuration that will be delivered to the router to disable BOOTP is as follows:
no ip bootp server
You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.
Disable IP Identification Service
Cisco SDM Express disables identification support whenever possible. Identification support allows you to query a TCP port for identification. This feature enables an unsecure protocol to report the identity of a client initiating a TCP connection and a host responding to the connection. With identification support, you can connect to a TCP port on a host, issue a simple text string to request information, and receive a simple
It is dangerous to allow any system on a directly connected segment to learn that the router is a Cisco device and to determine the model number and the Cisco IOS software release being run. This information may be used to design attacks against the router.
The configuration that will be delivered to the router to disable the IP identification service is as follows:
no ip identd
You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.
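As an added illustration (not part of the Cisco SDM help), the Python script below audits a saved running-config for the BOOTP and identification-service settings described above. It assumes classic IOS defaults (BOOTP server enabled, identd disabled unless configured), which should be verified for the release in use; the sample configurations and hostnames are constructed.

```python
# Added example: audit a saved IOS running-config for the two services above.
# Assumption: classic IOS defaults (BOOTP server on, identd off unless configured).
RULES = {
    # global command: enabled by default?
    "ip bootp server": True,
    "ip identd": False,
}

# Constructed sample configs, not taken from a real device.
HARDENED = """\
hostname edge-rtr-01
no ip bootp server
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

UNHARDENED = """\
hostname lab-rtr-02
ip identd
!
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
"""


def service_states(config_text):
    """Return {command: True if enabled} using global-level config lines only."""
    states = dict(RULES)  # start from the assumed defaults
    for raw in config_text.splitlines():
        if not raw or raw[0].isspace() or raw.startswith("!"):
            continue  # skip blanks, separators and indented sub-mode lines
        line = " ".join(raw.split())
        negated = line.startswith("no ")
        command = line[3:] if negated else line
        if command in states:
            states[command] = not negated
    return states


def findings(config_text):
    """List the audited services that are still enabled."""
    return sorted(cmd for cmd, on in service_states(config_text).items() if on)


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("UNHARDENED", UNHARDENED)):
        print(name, findings(cfg) or "no findings")
```

The second sample shows why the default state matters: a config that never mentions BOOTP still has the BOOTP server running, so the absence of `no ip bootp server` is itself a finding.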
Disable CDP
Cisco SDM Express disables Cisco Discovery Protocol whenever possible. Cisco Discovery Protocol is a proprietary protocol that Cisco routers use to identify each other on a LAN segment. This is dangerous in that it allows any system on a directly connected segment to learn that the router is a Cisco device and to determine the model number and the Cisco IOS software release being run. This information may be used to design attacks against the router.
The configuration that will be delivered to the router to disable Cisco Discovery Protocol is as follows: