Global Knowledge Expert Reference Series of White Papers
1-800-COURSES www.globalknowledge.com

Cisco Security Setup and Configuration, Part 2: Routers, Firewalls, and VPN Concentrators

Isaac A. Valdez, Global Knowledge Instructor, CCSI, CCSP, CCNP, CCDP

Introduction

This paper is the second in a three-part series of white papers, each of which focuses on a functional area of securing your network. As introduced in the first installment, network security should be implemented throughout your entire network. Take a layered approach and introduce security at every layer possible. This second paper will suggest steps to secure your Router, Firewall, and Virtual Private Network (VPN) Concentrators.

Router

A router offers rich layer 3 services such as access lists, route control, peer router authentication, and rate limiting features. Let's start with the basics before reviewing some of the more advanced features. The following command is used to disable all unused interfaces:

    int f0/0
     shut

Next, disable all unused services on both an interface and global level. It is important for you to decide which services are or are not needed by your environment. Also, keep in mind that many of these services may already be disabled by default.
You can use the Cisco Internetwork Operating System (IOS) Command Lookup tool to find out which service is already enabled or disabled in your specific IOS revision: http://www.cisco.com/cgi-bin/Support/Cmdlookup/home.pl

    int f0/1
     ip address 200.200.7.1 255.255.255.0
     no ip redirect
     no ip unreachable
     no ip directed-broadcast
     no ip proxy-arp
     no ip mask-reply
     no cdp enable
     no mop enabled
     ip verify unicast reverse-path
     ntp disable
     no shut

Copyright 2006 Global Knowledge Training LLC. All rights reserved.

There are many services throughout the Cisco IOS that can use a loopback interface. These services include routing, ntp, syslog, and telnet, just to name a few. Therefore it is a good idea to create a loopback .
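
The per-interface hardening list given for f0/1 above can be checked mechanically across a whole configuration. The Python script below is an added example, not part of the original white paper: it parses the interface stanzas of an IOS-style configuration, skips interfaces that are shut down, and reports which of the listed commands are not explicitly present on each active interface. The function names and the sample configuration are constructed for illustration, and the checklist spells the commands in full (for example `no ip redirects`).

```python
# Added example: audit an IOS-style config against the paper's interface checklist.
REQUIRED = [  # per-interface commands from the paper's f0/1 listing, in full form
    "no ip redirects", "no ip unreachables", "no ip directed-broadcast",
    "no ip proxy-arp", "no ip mask-reply", "no cdp enable", "no mop enabled",
    "ip verify unicast reverse-path", "ntp disable",
]

def matches(line, full):
    """True if line equals full or abbreviates it word by word (IOS takes
    `no ip redirect` for `no ip redirects`); prefix uniqueness is not checked."""
    a, b = line.lower().split(), full.split()
    return len(a) == len(b) and all(f.startswith(t) for t, f in zip(a, b))

def parse_interfaces(config):
    """Map each interface name to the commands inside its stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw[:1].isspace():  # indented line belongs to the open stanza
            if current is not None and raw.strip():
                current.append(raw.strip())
            continue
        words = raw.split()  # top-level line: opens a stanza or closes the last
        is_intf = len(words) == 2 and matches(words[0], "interface")
        current = stanzas.setdefault(words[1], []) if is_intf else None
    return stanzas

def audit(config):
    """Return {interface: checklist commands not explicitly present}."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        shut = any(matches(c, "shutdown") for c in cmds)  # unused port, disabled
        missing = [r for r in REQUIRED if not any(matches(c, r) for c in cmds)]
        if missing and not shut:
            report[name] = missing
    return report

# Constructed sample (not from the paper): one unused port, one partly hardened.
SAMPLE = """\
interface FastEthernet0/0
 shutdown
!
int FastEthernet0/1
 no ip redirect
 no ip unreachable
 no ip proxy-arp
 no shut
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A command reported as missing may already be disabled by default in your IOS revision, so treat the output as a list of items to verify with the Command Lookup tool rather than as proof that a service is running.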