Chapter24 Security Audit
Fix It Page
24-6
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Fix All
Click this button to place a check mark next to all of the potential security
problems listed on the Report Card screen.

Select an option: Undo Security Configurations

When this option is selected, Cisco SDM displays the security configurations that
it can undo. To have Cisco SDM undo all the security configurations, click Undo
All. To specify a security configuration that you want to undo, check the Undo
box next to it. Click Next> after you have specified which security configurations
to undo. You must select at least one security configuration to undo.
Undo All
Click the button to place a checkmark next to all the security configurations that
Cisco SDM can undo.
To see which security configurations Cisco SDM can undo, click:
Security Configurations Cisco SDM Can Undo

I want Cisco SDM to fix some problems, but undo other security configurations

If you want Cisco SDM to fix some security issues but undo other security
configurations that you do not need, you can run the Security Aud it wizard once
to specify the problems to fix, and then run it again so that you can select the
security configurations you want to undo.
Disable Finger Service
Security Audit disables the finger service whenever possible. Finger is used to
find out which users are logged into a network device. Although this information
is not usually tremendously sensitive, it can sometimes be useful to an attacker.
In addition, the finger service can be used in a specific type of Denial-of-Service
(DoS) attack called “Finger of death,” which involves sending a finger request to
a specific computer every minute, but never disconnecting.
The configuration that will be delivered to the router to disable the Finger service
is as follows:
no service finger