Chapter24 Security Audit
Fix It Page
24-14
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
connections, this can overwhelm and disable the host. Setting the TCP synwait
time to 10 seconds causes the router to shut down an incomplete connection after
10 seconds, preventing the buildup of incomplete connections at the host.
The configuration that will be delivered to the router to set the TCP synwait time
to 10 seconds is as follows:
ip tcp synwait-time <10>
Set Banner
Security Audit configures a text banner whenever possible. In some jurisdictions,
civil and/or criminal prosecution of crackers who break into your systems is made
much easier if you provide a banner informing unauthorized users that their use
is in fact unauthorized. In other jurisdictions, you may be forbidden to monitor
the activities of even unauthorized users unless you have taken steps to notify
them of your intent to do so. The text banner is one method of performing this
notification.
The configuration that will be delivered to the router to create a text banner is as
follows, replacing <company name>, <administrator email address>, and
<administrator phone number> with the appropriate values that you enter into
Security Audit:
banner ~
Authorized access only
This system is the property of
<company name>
Enterprise.
Disconnect IMMEDIATELY as you are not an authorized user!
Contact
<administrator email address>
<administrator phone number>
.
~
Enable Logging
Security Audit will enable logging with time stamps and sequence numbers
whenever possible. Because it gives detailed information about network events,
logging is critical in recognizing and responding to security events. Time stamps
and sequence numbers provide information about the date and time and sequence
in which network events occur.
The configuration that will be delivered to the router to enabl e and configure
logging is as follows, replacing <log buffer si ze> and <logging server ip
address> with the appropriate values that you enter into Security Audit: