Security Settings | 321 Studios OL-7141-04 specs

Chapter 1 Cisco SDM Express

Security Settings

The firewall protects your network in the following ways:

•Apply default access rules to inside and outside

interfaces—Cisco SDM Express creates and applies a list of default access rules that, among other things, permit DNS and HTTP traffic and deny the private IP address space.

•Apply default inspection rules to outside interface—Cisco SDM Express creates and applies a list of default inspection rules.

•Enable IP Unicast Reverse-Path Forwarding (RPF) on the outside interface—IP Unicast RPF is a feature that causes the router to check the source address of any packet against the interface through which the packet entered the router. If the input interface is not a feasible path to the source address according to the routing table, the packet will be dropped. This source address verification is used to defeat IP spoofing.

If you choose to let the Cisco SDM Express configure the firewall, you can modify the firewall configuration later using Cisco SDM. If you choose not to have a firewall configured, you can configure one later using Cisco SDM Express or Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Security Settings

This window lets you disable features that are on by default in the Cisco IOS software and that can create security risks or make the router send messages at such a high volume that it would use up its available memory. You should leave the check boxes checked unless you know that your requirements are different. This help topic links to descriptions of each security setting that

Cisco SDM Express makes.

You can use Cisco SDM Express to change security settings that you make in this window after you have completed initial configuration. If you want to change any of the individual settings listed under the setting groups described in this help page, you can do so by using Cisco SDM. For more information, click

Cisco Router and Security Device Manager.

	Cisco SDM Express
1-22	OL-7141-04

Image 28

321 Studios OL-7141-04 manual Security Settings

Contents

Cisco SDM Express User’s Guide Cisco SDM Express User’s Guide N T E N T S Contents Cisco SDM Express Edit Mode Contents Welcome A P T E R Basic Configuration Username and Password FieldsHostname Field Domain Name Field Router Provisioning Enable Secret Password FieldSDM Express Provision From USB Token USB Token or USB FlashSecure Device Provisioning CNS Server Provision From USB Flash File Selection Wireless Interface Configuration LAN Interface ConfigurationName Size Wireless Parameters Fields Interface/Bridge-to-Interface ListIP Address Field Subnet Mask Field Dhcp Server Configuration Enable Dhcp server on the LAN interface Check BoxRefresh, Apply Changes, Discard Changes Buttons Starting IP Address Field Primary Domain Name Server Field Ending IP Address FieldSecondary Domain Name Server Field Enable PPPoE Check Box Internet WAN Ethernet InterfaceUse these DNS values for Dhcp clients Check Box Address Type List Authentication Type Check Box Password FieldConfirm Password Field Username Field Internet WAN Autodetect Encapsulation Status Icon and Enable or Disable ButtonInternet WAN User Specified Encapsulation Virtual Path Identifier Field Encapsulation ListVirtual Circuit Identifier Field IP Address for Remote Connection in Central Office Field WAN Interface Selection Enable or Disable ButtonAdd Connection, Edit, Delete Buttons Interface List Serial ConnectionRefresh Button Frame Relay Configuration Settings Link IP Address and Subnet Mask Fields Frame Relay Configuration Settings Dlci FieldLMI Type Field Use Ietf Frame Relay Encapsulation Check Box Internet WAN Advanced Options CNS Server Information Primary DNS Field Firewall ConfigurationSecondary DNS Field Security Settings Disable Snmp Services on Your Router Check Box Disable Services that Involve Security Risks Check Box Encrypt Passwords Check Box Enhance Security on Router Access Check BoxSummary Supplementary Help Cisco Network ServicesCisco Router and Security Device Manager Security Settings Disable Snmp Disable Finger Service Disable PAD Service Disable TCP Small Servers Service Disable UDP Small Servers Service Disable IP Bootp Server Service Disable IP Identification Service Disable CDP Disable IP Source Route Enable Password Encryption Service Enable Netflow Switching Enable TCP Keepalives for Inbound Telnet Sessions Enable Sequence Numbers and Time Stamps on Debugs Enable TCP Keepalives for Outbound Telnet SessionsEnable IP CEF Set Scheduler Interval Set Scheduler Allocate Set TCP Synwait Time Enable Logging Enable Unicast RPF on Outside Interfaces Disable IP Gratuitous ARPs Disable IP Redirects Disable IP Proxy ARP Disable IP Directed Broadcast Disable MOP Service Disable IP Unreachables Disable IP Mask Reply Set Minimum Password Length to Less Than 6 Characters Set Authentication Failure Rate to Less Than 3 Retries Set Banner Enable Telnet Settings Enable SSH for Access to the Router Help Button Cisco SDM Express ButtonsAbout Button Reconnecting to the Router After Initial Configuration Exit ButtonApply Changes Button Discard Changes Button Testing Your WAN Internet Connection SDP Troubleshooting Tips Troubleshooting Tips Icons OverviewLAN Fields Internet WAN Fields Firewall Fields Username/Login Password/Password is Encrypted Fields Edit/Delete Buttons Encrypt password using MD5 hash algorithm Checkbox Bridge/Do not bridge LAN interface with wireless CheckboxEdit a Username Refresh/Apply Changes/Discard Changes Buttons Wireless WAN-Unable to Configure WAN InterfaceLAN interface configuration Fields No WAN Available Delete Connection Enable Firewall/Disable Firewall ButtonsFirewall Unable to configure Firewall Window Unable to Configure NAT Add or Edit Address Translation Rule Routing Disable Services that Involve Security Risks Checkbox Select All Recommended by Cisco Checkbox Encrypt Passwords Checkbox Synchronize with my local PC clock Checkbox Tools Ping Update SDM from Cisco.com To clear the output of the ping commandSource Field Destination Field Update SDM from CD Update SDM from Local PCCCO Login Synchronize Checkbox Date and Time PropertiesEdit Date and Time Fields Reset to Factory Defaults Save Running Config to PCWrite down these steps and then reset the router Apply Button Reconfiguring Your PC with a Static or a Dynamic IP Address Microsoft Windows NT Feature Not Available Cisco SDM Express Edit Mode Feature Not Available D E IN-2