Based on the Cisco Guide to Harden Cisco IOS Devices.
! Cisco Guide to Harden Cisco IOS Devices
!
! Enhanced Password Security
aaa new-model
aaa authentication login default local
username MyUsername secret MyPassword
enable secret MyPassword
!
! Disable Unused Services
no ip bootp server
ip dhcp bootp ignore
no mop enabled
no ip domain-lookup
no service pad
no ip http server
no ip http secure-server
no cdp run
no lldp run global
!
! Keepalives for TCP Sessions
service tcp-keepalive-in
service tcp-keepalive-out
!
! Network Time Protocol
clock timezone WET 1
clock summer-time WEST recurring last Sun Mar 3:00 last Sun Oct 2:00
ntp server 83.98.201.133
!
! Limit Access
ip access-list standard RemoteAccess
 permit 192.168.100.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class RemoteAccess in
!
! Set hostname and domain name
hostname myrouter
ip domain-name mydomain
!
! Encrypting Management Sessions
crypto key generate rsa general-keys modulus 1024
line vty 0 4
 transport input ssh
!
! Warning Banners
banner login )
Unauthorized access prohibited.
)
banner motd )
Unauthorized access prohibited.
)
!
! SNMP Community Strings
snmp-server community MyCommunity RO RemoteAccess
snmp-server ifindex persist
snmp-server contact user@example.com
!
! Logging
logging buffered 16384
!
! Configure Logging Timestamps
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
!
! Exclusive Configuration Change Access
configuration mode exclusive auto
!
! Configuration Change Notification and Logging
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
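An added example (not part of the original page or of Cisco's guide): a small Python audit that checks a saved configuration for several of the template's settings, including the per-line vty restrictions. It assumes the input is plain configuration text; platforms that omit default settings from `show running-config` will produce findings to verify by hand. The function names and the sample config are constructed.

```python
# Added example: audit a saved IOS config against the page's baseline.
# Function names and SAMPLE are constructed for illustration.
REQUIRED_GLOBAL = [
    "aaa new-model",
    "no ip http server",
    "no ip http secure-server",
    "service tcp-keepalive-in",
    "service tcp-keepalive-out",
    "service timestamps log datetime msec show-timezone",
    "configuration mode exclusive auto",
]
# Constructed sample: a device that drifted from the template.
SAMPLE = """\
aaa new-model
username admin password 0 example
ip http server
line vty 0 4
 transport input telnet ssh
"""


def parse_sections(text):
    """Map each top-level line to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0] != " ":
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def audit(text):
    """Return sorted findings; an empty list means the checks passed."""
    sections = parse_sections(text)
    findings = [f"missing: {cmd}" for cmd in REQUIRED_GLOBAL if cmd not in sections]
    for parent, children in sections.items():
        if parent.startswith("username ") and " secret " not in parent:
            findings.append(f"no hashed secret: {parent.split()[1]}")
        if parent.startswith("line vty"):
            if not any(c.startswith("access-class ") and c.endswith(" in") for c in children):
                findings.append(f"{parent}: no inbound access-class")
            if [c for c in children if c.startswith("transport input")] != ["transport input ssh"]:
                findings.append(f"{parent}: transport input is not ssh only")
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns nine findings for the drifted sample; a configuration that carries the template's lines returns an empty list.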