Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
Chapter 16 Security Audit
One-Step Lockdown
This option tests your router configuration for any potential security problems and
automatically makes any necessary configuration changes to correct any problems
found. The conditions checked for and, if needed, corrected are as follows:
Disable Finger Service
Disable PAD Service
Disable TCP Small Servers Service
Disable UDP Small Servers Service
Disable IP BOOTP Server Service
Disable IP Identification Service
Disable CDP
Disable IP Source Route
Enable Password Encryption Service
Enable TCP Keepalives for Inbound Telnet Sessions
Enable TCP Keepalives for Outbound Telnet Sessions
Enable Sequence Numbers and Time Stamps on Debugs
Enable IP CEF
Disable IP Gratuitous ARPs
Set Minimum Password Length to Less Than 6 Characters
Set Authentication Failure Rate to Less Than 3 Retries
Set TCP Synwait Time
Set Banner
Enable Logging
Set Enable Secret Password
Disable SNMP
Set Scheduler Interval
Set Scheduler Allocate
Set Users
Enable Telnet Settings
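
As an added example (not part of the Cisco guide or of SDM itself), the following Python script checks a saved running-config for several of the conditions listed above. The mapping from each check name to an IOS command line is this example's assumption, and because defaults differ between IOS releases it reports only on lines that are explicitly present or absent at global level.

```python
# Added example: audit a saved running-config against some One-Step Lockdown items.
# The check-name -> IOS command mapping is an assumption of this example.

# Global commands expected in the config once the item has been applied.
REQUIRED = {
    "Disable PAD Service": "no service pad",
    "Disable IP BOOTP Server Service": "no ip bootp server",
    "Disable CDP": "no cdp run",
    "Disable IP Source Route": "no ip source-route",
    "Enable Password Encryption Service": "service password-encryption",
    "Enable TCP Keepalives for Inbound Telnet Sessions": "service tcp-keepalives-in",
    "Enable TCP Keepalives for Outbound Telnet Sessions": "service tcp-keepalives-out",
    "Enable IP CEF": "ip cef",
    "Disable IP Gratuitous ARPs": "no ip gratuitous-arps",
    "Set Enable Secret Password": "enable secret",
}
# Global commands that should not appear at all.
FORBIDDEN = {
    "Disable Finger Service": ("service finger", "ip finger"),
    "Disable TCP Small Servers Service": ("service tcp-small-servers",),
    "Disable UDP Small Servers Service": ("service udp-small-servers",),
    "Disable IP Identification Service": ("ip identd",),
    "Disable SNMP": ("snmp-server",),
}

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
service password-encryption
service tcp-keepalives-in
no service pad
service udp-small-servers
ip cef
no ip source-route
no ip bootp server
enable secret 5 PLACEHOLDER-HASH
snmp-server community PLACEHOLDER RO
interface FastEthernet0/0
 no cdp enable
"""

def audit(config_text):
    """Return the sorted names of the checks that the config fails."""
    # Keep global-level lines only: sub-commands are indented, '!' lines are comments.
    lines = [ln.rstrip() for ln in config_text.splitlines()
             if ln and not ln.startswith((" ", "!"))]
    has = lambda cmd: any(ln == cmd or ln.startswith(cmd + " ") for ln in lines)
    failed = [name for name, cmd in REQUIRED.items() if not has(cmd)]
    failed += [name for name, cmds in FORBIDDEN.items() if any(has(c) for c in cmds)]
    return sorted(failed)
```

Calling `audit(SAMPLE_CONFIG)` returns the items still open for that file; the interface-level `no cdp enable` does not satisfy the global Disable CDP check.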