321 Studios OL-7141-04 manual Disable IP Source Route, Enable Password Encryption Service


Chapter 1 Cisco SDM Express

Supplementary Help

no cdp run

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Disable IP Source Route

Cisco SDM Express disables IP source routing whenever possible. The IP protocol supports source routing options that allow the sender of an IP datagram to control the route that the datagram will take toward its ultimate destination, and generally the route that any reply will take. These options are rarely used for legitimate purposes in networks. Some older IP implementations do not process source-routed packets properly, and it may be possible to crash machines running these implementations by sending them datagrams with source routing options.

Disabling IP source routing will cause a Cisco router to never forward an IP packet that carries a source routing option.

The configuration that will be delivered to the router to disable IP source routing is as follows:

no ip source-route

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.
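The check a router makes before dropping such a packet can be reproduced offline. The following Python is an added example, not part of the Cisco guide or of Cisco IOS: it walks the option list of an IPv4 header and reports the two source routing options defined in RFC 791, loose (type 131) and strict (type 137). The function names and the sample headers are constructed for illustration.

```python
import ipaddress

# IPv4 option type bytes (RFC 791).
EOL, NOP = 0, 1
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # loose / strict source route

def source_route_options(packet: bytes) -> list:
    """Return [(name, [hop, ...])] for each source routing option found.

    Raises ValueError when the header or an option is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    found, i = [], 20
    while i < header_len:
        opt = packet[i]
        if opt == EOL:          # end of option list
            break
        if opt == NOP:          # one-byte padding
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option truncated")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        if opt in SOURCE_ROUTE:
            # Layout: type, length, pointer, then 4-byte addresses.
            data = packet[i + 3:i + length]
            hops = [str(ipaddress.IPv4Address(data[j:j + 4]))
                    for j in range(0, len(data) - 3, 4)]
            found.append((SOURCE_ROUTE[opt], hops))
        i += length
    return found

def sample_header(options: bytes = b"") -> bytes:
    """Build a constructed IPv4 header (checksum left at zero)."""
    ihl = (20 + len(options)) // 4
    fixed = bytes([0x40 | ihl, 0, 0, 20 + len(options), 0, 0, 0, 0, 64, 6, 0, 0])
    return fixed + bytes([198, 51, 100, 7]) + bytes([203, 0, 113, 9]) + options

# Constructed samples: one header without options, one with a loose source route.
PLAIN = sample_header()
ROUTED = sample_header(bytes([NOP, 131, 7, 4, 192, 0, 2, 1]))
```

`source_route_options(ROUTED)` reports the loose source route and its single hop, while `PLAIN` yields an empty list. The header checksum is not verified.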

Enable Password Encryption Service

Cisco SDM Express enables password encryption whenever possible. Password encryption directs the Cisco IOS software to encrypt the passwords, Challenge Handshake Authentication Protocol (CHAP) secrets, and similar data that are saved in its configuration file. This is useful for preventing casual observers from reading passwords, for example, when they happen to look over an administrator’s shoulder.

The configuration that will be delivered to the router to enable password encryption is as follows:

service password-encryption
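A saved configuration can be checked for both settings described on this page. The following Python is an added example, not part of the Cisco guide or of Cisco SDM: it reports when `no ip source-route` or `service password-encryption` is missing and lists password commands whose value is not marked with encryption type 7, the marker Cisco IOS writes for passwords encrypted by this service. The function name, both sample configurations and the password values in them are constructed.

```python
import re

# A password command whose value is not marked with encryption type 7.
CLEAR_PASSWORD = re.compile(
    r"^\s*(enable password|username \S+ (?:privilege \d+ )?password|password)"
    r" (?!7 )\S"
)

def audit_config(text: str) -> list:
    """Return findings for the two settings; never echoes a password value."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    commands = {ln.strip() for ln in lines}
    findings = []
    # Both protections are off unless the command appears in the configuration.
    if "no ip source-route" not in commands:
        findings.append("IP source routing is not disabled")
    if "service password-encryption" not in commands:
        findings.append("password encryption service is not enabled")
    for number, ln in enumerate(lines, start=1):
        match = CLEAR_PASSWORD.match(ln)
        if match:
            findings.append(
                f"line {number}: '{match.group(1)}' value stored in clear text")
    return findings

# Constructed sample configurations (not taken from a real device).
WEAK = """\
hostname lab-router
enable password Example-Only-1
username admin privilege 15 password 0 Example-Only-2
line vty 0 4
 password Example-Only-3
 login
"""

HARDENED = """\
hostname lab-router
no ip source-route
service password-encryption
enable password 7 0123456789AB
username admin privilege 15 password 7 0123456789AB
line vty 0 4
 password 7 0123456789AB
 login
"""
```

`audit_config(WEAK)` returns five findings and `audit_config(HARDENED)` returns none. `enable secret` lines are stored by a separate mechanism and are not examined here.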

 

 
