Performing Basic Configuration

Recommended basic security measures

To prevent the TAOS unit from being used as an intermediary in this type of denial-of-service attack launched from another network, you must configure the unit not to forward the directed broadcasts it receives from another network. The following example shows how to disable directed broadcasts that are not generated locally on all IP interfaces of a TAOS unit with a four-port Ethernet card in shelf 1, slot 12:

admin> read ip-int {{1 c 1} 0}

IP-INTERFACE/{ { shelf-1 controller 1 } 0 } read

admin> set directed-broadcast-allowed = no

admin> write

IP-INTERFACE/{ { shelf-1 controller 1 } 0 } written

admin> read ip-int {{1 12 1} 0}

IP-INTERFACE/{ { shelf-1 slot-12 1 } 0 } read

admin> set directed-broadcast-allowed = no

admin> write

IP-INTERFACE/{ { shelf-1 slot-12 1 } 0 } written

admin> read ip-int {{1 12 2} 0}

IP-INTERFACE/{ { shelf-1 slot-12 2 } 0 } read

admin> set directed-broadcast-allowed = no

admin> write

IP-INTERFACE/{ { shelf-1 slot-12 2 } 0 } written

admin> read ip-int {{1 12 3} 0}

IP-INTERFACE/{ { shelf-1 slot-12 3 } 0 } read

admin> set directed-broadcast-allowed = no

admin> write

IP-INTERFACE/{ { shelf-1 slot-12 3 } 0 } written

admin> read ip-int {{1 12 4} 0}

IP-INTERFACE/{ { shelf-1 slot-12 4 } 0 } read

admin> set directed-broadcast-allowed = no

admin> write

IP-INTERFACE/{ { shelf-1 slot-12 4 } 0 } written
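
Because the same three commands must be repeated for every IP interface, a skipped set or write is easy to miss. The following Python script is an added example, not part of the Lucent guide: it checks a saved copy of a session like the one above and reports what the session did to each IP-INTERFACE profile. The status labels and function names are this example's own, and the sample transcript is constructed.

```python
import re

# Constructed transcript in the page's session format (not captured from a unit).
# slot-12 port 1 is missing its "write"; slot-12 port 2 is missing its "set".
SAMPLE_SESSION = """\
admin> read ip-int {{1 c 1} 0}
IP-INTERFACE/{ { shelf-1 controller 1 } 0 } read
admin> set directed-broadcast-allowed = no
admin> write
IP-INTERFACE/{ { shelf-1 controller 1 } 0 } written
admin> read ip-int {{1 12 1} 0}
IP-INTERFACE/{ { shelf-1 slot-12 1 } 0 } read
admin> set directed-broadcast-allowed = no
admin> read ip-int {{1 12 2} 0}
IP-INTERFACE/{ { shelf-1 slot-12 2 } 0 } read
admin> write
IP-INTERFACE/{ { shelf-1 slot-12 2 } 0 } written
"""

# search(), not match(): the unit's response is found even when a saved
# transcript has it on the same line as the command that produced it.
PROFILE_RE = re.compile(r"(IP-INTERFACE/\{.*\}) (read|written)$")
SET_RE = re.compile(r"^admin>\s*set\s+directed-broadcast-allowed\s*=\s*(\S+)$")

def audit_session(transcript):
    """Map each IP-INTERFACE profile in the transcript to what the session did to it."""
    status, current, pending = {}, None, None
    for line in map(str.strip, transcript.splitlines()):
        profile = PROFILE_RE.search(line)
        setting = SET_RE.match(line)
        if profile and profile.group(2) == "read":
            current, pending = profile.group(1), None   # new working profile
            status[current] = "not-changed"
        elif setting and current:
            pending = setting.group(1).lower()
            status[current] = "set-not-written"
        elif profile and profile.group(1) == current and pending is not None:
            # "written" confirms the pending value was saved to the profile
            status[current] = "disabled" if pending == "no" else "still-allowed"
            pending = None
    return status

def needs_attention(transcript):
    """Profiles the session did not leave with directed broadcasts disabled."""
    return sorted(p for p, s in audit_session(transcript).items() if s != "disabled")

if __name__ == "__main__":
    for profile, state in audit_session(SAMPLE_SESSION).items():
        print(f"{state:16} {profile}")
```

The result reflects only what the transcript records; a profile reported as not-changed keeps whatever value it had before the session.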

Configuring SNMP access to the unit

For Simple Network Management Protocol (SNMP) access, an SNMP manager must be running on a host on the local IP network, and the TAOS unit must be able to find that host by means of either a static route or RIP. In addition to these restrictions, the TAOS unit has its own SNMP password security (community strings), which you must set up to protect the TAOS unit from being reconfigured from an unauthorized SNMP station.

Overview of SNMP security

The SNMP profile contains SNMP-readable information about the unit and its SNMP security. There are two levels of security:

Community strings limit access to the TAOS unit to the community of SNMP managers who know the strings.

Address security excludes SNMP access unless it is initiated from a specified IP address.

APX 8000/MAX TNT/DSLTNT Physical Interface Configuration Guide

Lucent Technologies 7820-0802-003 manual Configuring Snmp access to the unit, Overview of Snmp security