Based on the Cisco Guide to Harden Cisco IOS Devices.
! Cisco Guide to Harden Cisco IOS Devices
!
! Enhanced Password Security
aaa new-model
aaa authentication login default local
username MyUsername secret MyPassword
enable secret MyPassword
!
! Disable Unused Services
no ip bootp server
ip dhcp bootp ignore
! "no mop enabled" is an interface configuration command: apply it under each interface
no mop enabled
no ip domain-lookup
no service pad
no ip http server
no ip http secure-server
no cdp run
no lldp run
!
! Keepalives for TCP Sessions
service tcp-keepalive-in
service tcp-keepalive-out
!
! Network Time Protocol
clock timezone WET 1
clock summer-time WEST recurring last Sun Mar 3:00 last Sun Oct 2:00
ntp server 83.98.201.133
!
! Limit Access
ip access-list standard RemoteAccess
 permit 192.168.100.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class RemoteAccess in
!
! Set hostname and domain name
hostname myrouter
ip domain-name mydomain
!
! Encrypting Management Sessions
! 1024-bit RSA is below current recommendations; use modulus 2048 or larger where supported
crypto key generate rsa general-keys modulus 1024
line vty 0 4
 transport input ssh
!
! Warning Banners
banner login ) Unauthorized access prohibited. )
banner motd ) Unauthorized access prohibited. )
!
! SNMP Community Strings
snmp-server community MyCommunity RO RemoteAccess
snmp-server ifindex persist
snmp-server contact user@example.com
!
! Logging
logging buffered 16384
!
! Configure Logging Timestamps
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
!
! Exclusive Configuration Change Access
configuration mode exclusive auto
!
! Configuration Change Notification and Logging
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
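A compliance check for the template above, as an added example that is not part of the original page or of Cisco's guide: it parses `show running-config` text and reports where a device deviates from this baseline. The names `parse`, `audit` and `SAMPLE` are hypothetical, the sample config is constructed, and a service is assumed to be disabled only when an explicit `no` line is present.

```python
import re

# Baseline taken from the template above. Assumption: a service counts as disabled
# only when an explicit "no ..." line is present, because IOS defaults vary.
REQUIRED = ["aaa new-model", "service tcp-keepalive-in", "service tcp-keepalive-out",
            "ip dhcp bootp ignore", "configuration mode exclusive auto"]
MUST_BE_OFF = ["ip bootp server", "service pad", "ip http server",
               "ip http secure-server", "cdp run", "lldp run"]
VTY_REQUIRED = {"transport input ssh": r"transport input ssh",
                "access-class <acl> in": r"access-class \S+ in"}

def parse(config):
    """Return (global lines, {section header: [indented child lines]})."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment/separator lines
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())  # sub-mode command
        else:
            current = raw.strip()
            sections.setdefault(current, [])  # repeated headers share one entry
    return list(sections), sections

def audit(config):
    """Return a list of findings; an empty list means the baseline is met."""
    top, sections = parse(config)
    findings = [f"missing: {c}" for c in REQUIRED if c not in top]
    findings += [f"not disabled: {c}" for c in MUST_BE_OFF if f"no {c}" not in top]
    if not any(re.match(r"enable secret \S", line) for line in top):
        findings.append("missing: enable secret")
    findings += [f"password instead of secret: {line.split(' password ')[0]}"
                 for line in top if re.match(r"(enable|username \S+) password ", line)]
    vty = {h: kids for h, kids in sections.items() if h.startswith("line vty")}
    if not vty:
        findings.append("missing: line vty")
    for header, kids in vty.items():  # every VTY range must be restricted
        findings += [f"{header}: missing {name}" for name, rx in VTY_REQUIRED.items()
                     if not any(re.fullmatch(rx, k) for k in kids)]
    return findings

# Constructed sample, not from a real device; note the second VTY range.
SAMPLE = "\n".join([
    "aaa new-model", "enable secret 5 $1$constructed",
    "username admin password 0 constructed", "service tcp-keepalive-in",
    "service tcp-keepalive-out", "ip dhcp bootp ignore", "no ip bootp server",
    "no service pad", "no ip http server", "ip http secure-server", "no cdp run",
    "no lldp run", "configuration mode exclusive auto", "line vty 0 4",
    " access-class RemoteAccess in", " transport input ssh", "line vty 5 15",
    " transport input telnet ssh"])
```

In the sample, `line vty 5 15` is flagged because the template only configures `line vty 0 4`; on platforms with more VTY lines the same `access-class` and `transport input ssh` settings have to be applied to every range.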