Manuals / 321 Studios / Communications / Two-Way Radio

321 Studios OL-7141-04 manual Disable IP Identification Service, Disable CDP

Models: OL-7141-04

1 74

Download 74 pages 17 Kb

Page 36

Chapter 1 Cisco SDM Express

Supplementary Help

The configuration that will be delivered to the router to disable BOOTP is as follows:

no ip bootp server

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Disable IP Identification Service

Cisco SDM Express disables identification support whenever possible. Identification support allows you to query a TCP port for identification. This feature enables an unsecure protocol to report the identity of a client initiating a TCP connection and a host responding to the connection. With identification support, you can connect a TCP port on a host, issue a simple text string to request information, and receive a simple text-string reply.

It is dangerous to allow any system on a directly connected segment to learn that the router is a Cisco device and to determine the model number and the Cisco IOS software release being run. This information may be used to design attacks against the router.

The configuration that will be delivered to the router to disable the IP identification service is as follows:

no ip identd

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Disable CDP

Cisco SDM Express disables Cisco Discovery Protocol whenever possible. Cisco Discovery Protocol is a proprietary protocol that Cisco routers use to identify each other on a LAN segment. This is dangerous in that it allows any system on a directly connected segment to learn that the router is a Cisco device and to determine the model number and the Cisco IOS software release being run. This information may be used to design attacks against the router.

The configuration that will be delivered to the router to disable

Cisco Discovery Protocol is as follows:

	Cisco SDM Express
1-30	OL-7141-04

Image 36

321 Studios OL-7141-04 manual Disable IP Identification Service, Disable CDP

Contents

Cisco SDM Express User’s Guide Cisco SDM Express User’s Guide N T E N T S Contents Cisco SDM Express Edit Mode Contents Welcome A P T E RBasic Configuration Username and Password FieldsHostname Field Domain Name FieldEnable Secret Password Field Router ProvisioningSDM Express Provision From USB Token USB Token or USB FlashSecure Device Provisioning CNS ServerProvision From USB Flash File Selection Wireless Interface Configuration LAN Interface ConfigurationName SizeWireless Parameters Fields Interface/Bridge-to-Interface ListIP Address Field Subnet Mask FieldDhcp Server Configuration Enable Dhcp server on the LAN interface Check BoxRefresh, Apply Changes, Discard Changes Buttons Starting IP Address FieldEnding IP Address Field Primary Domain Name Server FieldSecondary Domain Name Server Field Enable PPPoE Check Box Internet WAN Ethernet InterfaceUse these DNS values for Dhcp clients Check Box Address Type ListAuthentication Type Check Box Password FieldConfirm Password Field Username FieldStatus Icon and Enable or Disable Button Internet WAN Autodetect EncapsulationInternet WAN User Specified Encapsulation Encapsulation List Virtual Path Identifier FieldVirtual Circuit Identifier Field IP Address for Remote Connection in Central Office Field Enable or Disable Button WAN Interface SelectionAdd Connection, Edit, Delete Buttons Serial Connection Interface ListRefresh Button Frame Relay Configuration Settings Link IP Address and Subnet Mask FieldsFrame Relay Configuration Settings Dlci FieldLMI Type Field Use Ietf Frame Relay Encapsulation Check BoxInternet WAN Advanced Options CNS Server InformationFirewall Configuration Primary DNS FieldSecondary DNS Field Security Settings Disable Snmp Services on Your Router Check Box Disable Services that Involve Security Risks Check BoxEnhance Security on Router Access Check Box Encrypt Passwords Check BoxSummary Cisco Network Services Supplementary HelpCisco Router and Security Device Manager Security Settings Disable SnmpDisable Finger Service Disable PAD ServiceDisable TCP Small Servers Service Disable UDP Small Servers Service Disable IP Bootp Server ServiceDisable IP Identification Service Disable CDPDisable IP Source Route Enable Password Encryption ServiceEnable Netflow Switching Enable TCP Keepalives for Inbound Telnet SessionsEnable TCP Keepalives for Outbound Telnet Sessions Enable Sequence Numbers and Time Stamps on DebugsEnable IP CEF Set Scheduler Interval Set Scheduler AllocateSet TCP Synwait Time Enable Logging Enable Unicast RPF on Outside InterfacesDisable IP Gratuitous ARPs Disable IP RedirectsDisable IP Proxy ARP Disable IP Directed BroadcastDisable MOP Service Disable IP UnreachablesDisable IP Mask Reply Set Minimum Password Length to Less Than 6 CharactersSet Authentication Failure Rate to Less Than 3 Retries Set BannerEnable Telnet Settings Enable SSH for Access to the RouterCisco SDM Express Buttons Help ButtonAbout Button Reconnecting to the Router After Initial Configuration Exit ButtonApply Changes Button Discard Changes ButtonTesting Your WAN Internet Connection SDP Troubleshooting Tips Troubleshooting TipsOverview IconsLAN Fields Internet WAN Fields Firewall FieldsUsername/Login Password/Password is Encrypted Fields Edit/Delete ButtonsEncrypt password using MD5 hash algorithm Checkbox Bridge/Do not bridge LAN interface with wireless CheckboxEdit a Username Refresh/Apply Changes/Discard Changes ButtonsWireless WAN-Unable to Configure WAN InterfaceLAN interface configuration Fields No WAN AvailableEnable Firewall/Disable Firewall Buttons Delete ConnectionFirewall Unable to configure Firewall Window Unable to Configure NATAdd or Edit Address Translation Rule Routing Disable Services that Involve Security Risks Checkbox Select All Recommended by Cisco CheckboxEncrypt Passwords Checkbox Synchronize with my local PC clock CheckboxTools PingUpdate SDM from Cisco.com To clear the output of the ping commandSource Field Destination FieldUpdate SDM from Local PC Update SDM from CDCCO Login Date and Time Properties Synchronize CheckboxEdit Date and Time Fields Reset to Factory Defaults Save Running Config to PCWrite down these steps and then reset the router Apply ButtonReconfiguring Your PC with a Static or a Dynamic IP Address Microsoft Windows NT Feature Not Available Cisco SDM Express Edit Mode Feature Not Available D E IN-2