Chapter 1 Cisco SDM Express
Supplementary Help
The configuration that will be delivered to the router to disable ICMP host unreachable messages is as follows:
int
no ip unreachables
You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.
Disable IP Mask Reply
Cisco SDM Express disables Internet Message Control Protocol (ICMP) mask reply messages whenever possible. ICMP supports IP traffic by relaying information about paths, routes, and network conditions. ICMP mask reply messages are sent when a network device must know the subnet mask for a particular subnetwork in the internetwork. ICMP mask reply messages are sent to the device requesting the information by devices that have the requested information. These messages can be used by an attacker to gain network mapping information.
The configuration that will be delivered to the router to disable ICMP mask reply messages is as follows:
no ip
You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.
Set Minimum Password Length to Less Than 6 Characters
Cisco SDM Express configures your router to require a minimum password length of 6 characters whenever possible. One method attackers use to crack passwords is to try all possible combinations of characters until the password is discovered. Longer passwords have exponentially more possible combinations of characters, making this method of attack much more difficult.
This configuration change will require every password on the router, including the user, enable, secret, console, AUX, tty, and vty passwords, to be at least 6 characters in length. This configuration change will be made only if the Cisco IOS version running on your router supports the minimum password length feature.
| Cisco SDM Express |