Disable IP Mask Reply | 321 Studios OL-7141-04 instruction

Chapter 1 Cisco SDM Express

Supplementary Help

The configuration that will be delivered to the router to disable ICMP host unreachable messages is as follows:

int <all-interfaces>

no ip unreachables

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Disable IP Mask Reply

Cisco SDM Express disables Internet Message Control Protocol (ICMP) mask reply messages whenever possible. ICMP supports IP traffic by relaying information about paths, routes, and network conditions. ICMP mask reply messages are sent when a network device must know the subnet mask for a particular subnetwork in the internetwork. ICMP mask reply messages are sent to the device requesting the information by devices that have the requested information. These messages can be used by an attacker to gain network mapping information.

The configuration that will be delivered to the router to disable ICMP mask reply messages is as follows:

no ip mask-reply

You can undo this fix using the Cisco SDM Security Audit feature. To learn how, see the Security Audit online help in Cisco SDM. For more information, click Cisco Router and Security Device Manager.

Set Minimum Password Length to Less Than 6 Characters

Cisco SDM Express configures your router to require a minimum password length of 6 characters whenever possible. One method attackers use to crack passwords is to try all possible combinations of characters until the password is discovered. Longer passwords have exponentially more possible combinations of characters, making this method of attack much more difficult.

This configuration change will require every password on the router, including the user, enable, secret, console, AUX, tty, and vty passwords, to be at least 6 characters in length. This configuration change will be made only if the Cisco IOS version running on your router supports the minimum password length feature.

	Cisco SDM Express
1-40	OL-7141-04

Image 46

321 Studios OL-7141-04 manual Disable IP Mask Reply, Set Minimum Password Length to Less Than 6 Characters

Contents

Cisco SDM Express User’s Guide Cisco SDM Express User’s Guide N T E N T S Contents Cisco SDM Express Edit Mode Contents Welcome A P T E R Hostname Field Basic ConfigurationUsername and Password Fields Domain Name Field Router Provisioning Enable Secret Password FieldSDM Express Secure Device Provisioning Provision From USB TokenUSB Token or USB Flash CNS Server Provision From USB Flash File Selection Name Wireless Interface ConfigurationLAN Interface Configuration Size IP Address Field Wireless Parameters FieldsInterface/Bridge-to-Interface List Subnet Mask Field Refresh, Apply Changes, Discard Changes Buttons Dhcp Server ConfigurationEnable Dhcp server on the LAN interface Check Box Starting IP Address Field Primary Domain Name Server Field Ending IP Address FieldSecondary Domain Name Server Field Use these DNS values for Dhcp clients Check Box Enable PPPoE Check BoxInternet WAN Ethernet Interface Address Type List Confirm Password Field Authentication Type Check BoxPassword Field Username Field Internet WAN Autodetect Encapsulation Status Icon and Enable or Disable ButtonInternet WAN User Specified Encapsulation Virtual Path Identifier Field Encapsulation ListVirtual Circuit Identifier Field IP Address for Remote Connection in Central Office Field WAN Interface Selection Enable or Disable ButtonAdd Connection, Edit, Delete Buttons Interface List Serial ConnectionRefresh Button Frame Relay Configuration Settings Link IP Address and Subnet Mask Fields LMI Type Field Frame Relay Configuration SettingsDlci Field Use Ietf Frame Relay Encapsulation Check Box Internet WAN Advanced Options CNS Server Information Primary DNS Field Firewall ConfigurationSecondary DNS Field Security Settings Disable Snmp Services on Your Router Check Box Disable Services that Involve Security Risks Check Box Encrypt Passwords Check Box Enhance Security on Router Access Check BoxSummary Supplementary Help Cisco Network ServicesCisco Router and Security Device Manager Security Settings Disable Snmp Disable Finger Service Disable PAD Service Disable TCP Small Servers Service Disable UDP Small Servers Service Disable IP Bootp Server Service Disable IP Identification Service Disable CDP Disable IP Source Route Enable Password Encryption Service Enable Netflow Switching Enable TCP Keepalives for Inbound Telnet Sessions Enable Sequence Numbers and Time Stamps on Debugs Enable TCP Keepalives for Outbound Telnet SessionsEnable IP CEF Set Scheduler Interval Set Scheduler Allocate Set TCP Synwait Time Enable Logging Enable Unicast RPF on Outside Interfaces Disable IP Gratuitous ARPs Disable IP Redirects Disable IP Proxy ARP Disable IP Directed Broadcast Disable MOP Service Disable IP Unreachables Disable IP Mask Reply Set Minimum Password Length to Less Than 6 Characters Set Authentication Failure Rate to Less Than 3 Retries Set Banner Enable Telnet Settings Enable SSH for Access to the Router Help Button Cisco SDM Express ButtonsAbout Button Apply Changes Button Reconnecting to the Router After Initial ConfigurationExit Button Discard Changes Button Testing Your WAN Internet Connection SDP Troubleshooting Tips Troubleshooting Tips Icons OverviewLAN Fields Internet WAN Fields Firewall Fields Username/Login Password/Password is Encrypted Fields Edit/Delete Buttons Edit a Username Encrypt password using MD5 hash algorithm CheckboxBridge/Do not bridge LAN interface with wireless Checkbox Refresh/Apply Changes/Discard Changes Buttons LAN interface configuration Fields WirelessWAN-Unable to Configure WAN Interface No WAN Available Delete Connection Enable Firewall/Disable Firewall ButtonsFirewall Unable to configure Firewall Window Unable to Configure NAT Add or Edit Address Translation Rule Routing Disable Services that Involve Security Risks Checkbox Select All Recommended by Cisco Checkbox Encrypt Passwords Checkbox Synchronize with my local PC clock Checkbox Tools Ping Source Field Update SDM from Cisco.comTo clear the output of the ping command Destination Field Update SDM from CD Update SDM from Local PCCCO Login Synchronize Checkbox Date and Time PropertiesEdit Date and Time Fields Write down these steps and then reset the router Reset to Factory DefaultsSave Running Config to PC Apply Button Reconfiguring Your PC with a Static or a Dynamic IP Address Microsoft Windows NT Feature Not Available Cisco SDM Express Edit Mode Feature Not Available D E IN-2