Select All Recommended by Cisco Checkbox | 321 Studios OL-7141-04

Chapter 2 Cisco SDM Express Edit Mode

Security Settings

Refresh/Apply Changes/Discard Changes Buttons

These buttons are visible if you are editing an initial configuration. Click

Cisco SDM Express Buttons for more information.

Security Settings

This window lets you disable features that are on by default in the Cisco IOS software, but that can create security risks, or make the router send messages at such a high volume that it would use up its available memory. You should leave the boxes checked unless you know that your requirements are different.

If you allow SDM Express to make these settings and you later want to change any of the individual setting described under these setting groups, you can do so by using SDM. For more information, click Cisco Router and Security Device Manager.

Select All (Recommended by Cisco) Checkbox

Clicking Select All lets you implement all security settings in this window. If you later decide you want to change the security settings, you can do so using Cisco SDM.

Disable Services that Involve Security Risks Checkbox

Check this box to disable the following services on the router. For an explanation of why these services should be disabled, click the links below:

•Disable Finger Service

•Disable PAD Service

•Disable TCP Small Servers Service

•Disable UDP Small Servers Service

•Disable IP BOOTP Server Service

•Disable IP Identification Service

•Disable CDP

•Disable IP Source Route

•Disable IP Gratuitous ARPs

	Cisco SDM Express
2-10	OL-7141-04

Image 62

321 Studios OL-7141-04 Select All Recommended by Cisco Checkbox, Disable Services that Involve Security Risks Checkbox

Contents

Cisco SDM Express User’s Guide Cisco SDM Express User’s Guide N T E N T S Contents Cisco SDM Express Edit Mode Contents Welcome A P T E R Hostname Field Basic ConfigurationUsername and Password Fields Domain Name Field SDM Express Enable Secret Password FieldRouter Provisioning Secure Device Provisioning Provision From USB TokenUSB Token or USB Flash CNS Server Provision From USB Flash File Selection Name Wireless Interface ConfigurationLAN Interface Configuration Size IP Address Field Wireless Parameters FieldsInterface/Bridge-to-Interface List Subnet Mask Field Refresh, Apply Changes, Discard Changes Buttons Dhcp Server ConfigurationEnable Dhcp server on the LAN interface Check Box Starting IP Address Field Secondary Domain Name Server Field Ending IP Address FieldPrimary Domain Name Server Field Use these DNS values for Dhcp clients Check Box Enable PPPoE Check BoxInternet WAN Ethernet Interface Address Type List Confirm Password Field Authentication Type Check BoxPassword Field Username Field Internet WAN User Specified Encapsulation Status Icon and Enable or Disable ButtonInternet WAN Autodetect Encapsulation Virtual Circuit Identifier Field Encapsulation ListVirtual Path Identifier Field IP Address for Remote Connection in Central Office Field Add Connection, Edit, Delete Buttons Enable or Disable ButtonWAN Interface Selection Refresh Button Serial ConnectionInterface List Frame Relay Configuration Settings Link IP Address and Subnet Mask Fields LMI Type Field Frame Relay Configuration SettingsDlci Field Use Ietf Frame Relay Encapsulation Check Box Internet WAN Advanced Options CNS Server Information Secondary DNS Field Firewall ConfigurationPrimary DNS Field Security Settings Disable Snmp Services on Your Router Check Box Disable Services that Involve Security Risks Check Box Summary Enhance Security on Router Access Check BoxEncrypt Passwords Check Box Cisco Router and Security Device Manager Cisco Network ServicesSupplementary Help Security Settings Disable Snmp Disable Finger Service Disable PAD Service Disable TCP Small Servers Service Disable UDP Small Servers Service Disable IP Bootp Server Service Disable IP Identification Service Disable CDP Disable IP Source Route Enable Password Encryption Service Enable Netflow Switching Enable TCP Keepalives for Inbound Telnet Sessions Enable IP CEF Enable TCP Keepalives for Outbound Telnet SessionsEnable Sequence Numbers and Time Stamps on Debugs Set Scheduler Interval Set Scheduler Allocate Set TCP Synwait Time Enable Logging Enable Unicast RPF on Outside Interfaces Disable IP Gratuitous ARPs Disable IP Redirects Disable IP Proxy ARP Disable IP Directed Broadcast Disable MOP Service Disable IP Unreachables Disable IP Mask Reply Set Minimum Password Length to Less Than 6 Characters Set Authentication Failure Rate to Less Than 3 Retries Set Banner Enable Telnet Settings Enable SSH for Access to the Router About Button Cisco SDM Express ButtonsHelp Button Apply Changes Button Reconnecting to the Router After Initial ConfigurationExit Button Discard Changes Button Testing Your WAN Internet Connection SDP Troubleshooting Tips Troubleshooting Tips LAN Fields OverviewIcons Internet WAN Fields Firewall Fields Username/Login Password/Password is Encrypted Fields Edit/Delete Buttons Edit a Username Encrypt password using MD5 hash algorithm CheckboxBridge/Do not bridge LAN interface with wireless Checkbox Refresh/Apply Changes/Discard Changes Buttons LAN interface configuration Fields WirelessWAN-Unable to Configure WAN Interface No WAN Available Firewall Enable Firewall/Disable Firewall ButtonsDelete Connection Unable to configure Firewall Window Unable to Configure NAT Add or Edit Address Translation Rule Routing Disable Services that Involve Security Risks Checkbox Select All Recommended by Cisco Checkbox Encrypt Passwords Checkbox Synchronize with my local PC clock Checkbox Tools Ping Source Field Update SDM from Cisco.comTo clear the output of the ping command Destination Field CCO Login Update SDM from Local PCUpdate SDM from CD Edit Date and Time Fields Date and Time PropertiesSynchronize Checkbox Write down these steps and then reset the router Reset to Factory DefaultsSave Running Config to PC Apply Button Reconfiguring Your PC with a Static or a Dynamic IP Address Microsoft Windows NT Feature Not Available Cisco SDM Express Edit Mode Feature Not Available D E IN-2