Chapter 1 Cisco SDM Express

Supplementary Help

The configuration that will be delivered to the router to disable ICMP host unreachable messages is as follows:

int <all-interfaces>

no ip unreachables

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Disable IP Mask Reply

Cisco SDM Express disables Internet Control Message Protocol (ICMP) mask reply messages whenever possible. ICMP supports IP traffic by relaying information about paths, routes, and network conditions. ICMP mask reply messages are sent when a network device must know the subnet mask for a particular subnetwork in the internetwork. ICMP mask reply messages are sent to the device requesting the information by devices that have the requested information. These messages can be used by an attacker to gain network mapping information.

The configuration that will be delivered to the router to disable ICMP mask reply messages is as follows:

no ip mask-reply

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Set Minimum Password Length to Less Than 6 Characters

Cisco SDM Express configures your router to require a minimum password length of 6 characters whenever possible. One method attackers use to crack passwords is to try all possible combinations of characters until the password is discovered. Longer passwords have exponentially more possible combinations of characters, making this method of attack much more difficult.

This configuration change will require every password on the router, including the user, enable, secret, console, AUX, tty, and vty passwords, to be at least 6 characters in length. This configuration change will be made only if the Cisco IOS version running on your router supports the minimum password length feature.
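The three settings described above can be checked offline against a saved running configuration. The following is an added example, not Cisco's code: `audit_config` and `SAMPLE_CONFIG` are hypothetical names, the sample configuration is constructed, and `security passwords min-length` is the IOS command for the minimum password length feature (it is not shown on this page). It assumes IOS defaults, under which `ip unreachables` is enabled and `ip mask-reply` is disabled unless the configuration says otherwise.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
security passwords min-length 4
!
interface FastEthernet0/0
 no ip unreachables
!
interface FastEthernet0/1
 ip mask-reply
!
line vty 0 4
 login local
"""

def audit_config(text, min_length=6):
    """Return (scope, finding) tuples for the three settings on this page."""
    findings = []
    interfaces = {}        # interface name -> list of its sub-commands
    current = None         # interface block being read, if any
    configured_min = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):   # any top-level line ends an interface block
            current = None
            m = re.match(r"interface (\S+)$", line)
            if m:
                current = m.group(1)
                interfaces[current] = []
            m = re.match(r"security passwords min-length (\d+)$", line)
            if m:
                configured_min = int(m.group(1))
        elif current is not None:
            interfaces[current].append(line.strip())
    for name, cmds in interfaces.items():
        # Enabled by default, so the explicit "no" form must be present.
        if "no ip unreachables" not in cmds:
            findings.append((name, "ICMP unreachables enabled"))
        # Disabled by default, so only the positive form appears when enabled.
        if "ip mask-reply" in cmds:
            findings.append((name, "ICMP mask reply enabled"))
    if configured_min is None or configured_min < min_length:
        findings.append(("global", f"minimum password length below {min_length} or not set"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_config(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```
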

 


OL-7141-04
