Chapter 24 Security Audit
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Undoing Security Audit Fixes
Cisco SDM can undo this security fix. If you want Cisco SDM to remove this
security configuration, run the Security Audit wizard. In the Report Card window,
select the option Undo Security Configurations, place a check mark next to this
configuration and other configurations that you want to undo, and click Next>.
Add or Edit Telnet/SSH Account Screen
This screen lets you add a new user account or edit an existing user account for
Telnet and SSH access to your router.
Security Configuration                              Equivalent CLI
Enable NetFlow Switching                            ip route-cache flow
Disable IP Redirects                                no ip redirects
Disable IP Proxy ARP                                no ip proxy-arp
Disable IP Directed Broadcast                       no ip directed-broadcast
Disable MOP Service                                 no mop enabled
Disable IP Unreachables                             int <all-interfaces>
                                                    no ip unreachables
Disable IP Mask Reply                               no ip mask-reply
Disable IP Unreachables on NULL Interface           int null 0
                                                    no ip unreachables
Enable Password Encryption Service                  service password-encryption
Enable TCP Keepalives for Inbound Telnet Sessions   service tcp-keepalives-in
Enable TCP Keepalives for Outbound Telnet Sessions  service tcp-keepalives-out
Disable IP Gratuitous ARPs                          no ip gratuitous-arps
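
The following is an added example, not part of the Cisco guide or of Cisco SDM: a small Python check that reads a saved configuration and reports which of the Security Configuration / Equivalent CLI rows above are absent, globally or per interface. The function names, the choice of rows, and the sample configuration are assumptions made for illustration.

```python
import re

# Rows from the table above, keyed by the CLI the table gives for each.
GLOBAL_CMDS = {
    "service password-encryption": "Enable Password Encryption Service",
    "service tcp-keepalives-in": "Enable TCP Keepalives for Inbound Telnet Sessions",
    "service tcp-keepalives-out": "Enable TCP Keepalives for Outbound Telnet Sessions",
}
INTERFACE_CMDS = {
    "no ip redirects": "Disable IP Redirects",
    "no ip proxy-arp": "Disable IP Proxy ARP",
    "no ip unreachables": "Disable IP Unreachables",
}
# For the null interface the table lists only this one command.
NULL_CMDS = {"no ip unreachables": "Disable IP Unreachables on NULL Interface"}

def parse_config(text):
    """Split a config into global lines and per-interface stanza lines."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), set())
        elif raw[0].isspace() and current is not None:
            current.add(line)          # indented line belongs to the stanza
        else:
            current = None             # unindented line ends the stanza
            global_lines.add(line)
    return global_lines, interfaces

def audit(text):
    """Return sorted (scope, setting) pairs whose CLI is absent from the config."""
    global_lines, interfaces = parse_config(text)
    missing = [("global", n) for c, n in GLOBAL_CMDS.items() if c not in global_lines]
    for ifname, lines in interfaces.items():
        wanted = NULL_CMDS if ifname.lower().startswith("null") else INTERFACE_CMDS
        missing += [(ifname, n) for c, n in wanted.items() if c not in lines]
    return sorted(missing)

# Constructed sample config, not taken from a real device.
SAMPLE = (
    "service password-encryption\nservice tcp-keepalives-in\n!\n"
    "interface FastEthernet0/0\n ip address 192.0.2.1 255.255.255.0\n"
    " no ip redirects\n no ip proxy-arp\n!\n"
    "interface Null0\n no ip unreachables\n!\n"
)
```

The check is a textual presence test only, so it covers just the rows whose commands are expected to appear verbatim in the saved configuration. It reports every interface stanza, including ones that are shut down.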