General Services
Now we will disable Cisco Discovery Protocol (CDP) at layer 2.
router1#config t
router1(config)# no cdp run
Now we will disable the TCP and UDP small servers
router1(config)# no service tcp-small-servers
router1(config)# no service udp-small-servers
Now we will disable Finger service
router1(config)# no ip finger
router1(config)# no service finger
Now we will disable HTTP Server
router1(config)# no ip http server
Now we will disable the BOOTP server to prevent other systems from booting over the network
router1(config)# no ip bootp server
Now we will disable SNMP
router1(config)# no snmp-server community public RO
router1(config)# no snmp-server community private RW
router1(config)# no snmp-server enable traps
router1(config)# no snmp-server system-shutdown
router1(config)# no snmp-server trap-auth
router1(config)# no snmp-server
Now we will disable DNS lookup to broadcast addresses
router1(config)# no ip domain-lookup
Now we will disable Auto Loading
router1(config)# no boot network
router1(config)# no service config
Now we will disable IP source Routing
router1(config)# no ip source-route
Now we will see about disabling Interface services
Now we will disable IP Directed Broadcast
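router1(config)# interface eth1
router1(config-if)# no ip directed-broadcast
router1(config-if)# exit
Now we will disable ICMP redirects, unreachables and mask replies
router1(config)# interface eth1
router1(config-if)# no ip redirects
router1(config-if)# no ip unreachables
router1(config-if)# no ip mask-reply
router1(config-if)# exit
Now we will disable proxy ARP, so the router stops answering Address Resolution Protocol requests for hosts on a different LAN.
router1(config)# interface eth1
router1(config-if)# no ip proxy-arp
router1(config-if)# exit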
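Now we will disable NTP. NTP uses UDP port 123; the final permit entry keeps the access list's implicit deny from dropping all other inbound traffic on the interface.
router1(config)# access-list 101 deny udp any any eq 123
router1(config)# access-list 101 permit ip any any
router1(config)# interface eth1
router1(config-if)# ip access-group 101 in
router1(config-if)# ntp disable
router1(config-if)# end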
Now we will disable unused Interfaces
router1#config t
router1(config)#interface eth2
router1(config-if)#shutdown
router1(config-if)#end
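To check a saved configuration against the commands in this article, here is an added example in Python (not part of the original article). The sample configuration, the function names and the choice to skip interfaces that are shut down are assumptions.

```python
# Added example (not from the article): check a saved IOS config for its commands.
# "missing" means the line is absent; a release that defaults a service off may omit it.
GLOBAL_REQUIRED = ["no cdp run", "no service tcp-small-servers",
                   "no service udp-small-servers", "no ip finger", "no ip http server",
                   "no ip bootp server", "no ip domain-lookup", "no boot network",
                   "no service config", "no ip source-route"]
IFACE_REQUIRED = ["no ip directed-broadcast", "no ip redirects", "no ip unreachables",
                  "no ip mask-reply", "no ip proxy-arp", "ntp disable"]
SAMPLE = """\
no service tcp-small-servers
ip http server
snmp-server community public RO
!
interface Ethernet1
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
interface Ethernet2
 shutdown
"""  # constructed sample configuration, not taken from a real router

def parse(config):
    """Split the text into global lines and a dict of per-interface lines."""
    global_lines, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)  # indented line belongs to the open interface
        else:
            current = None
            global_lines.append(line)
    return global_lines, ifaces

def audit(config):
    """Return (scope, finding) tuples for everything the article would change."""
    global_lines, ifaces = parse(config)
    out = [("global", "missing: " + c) for c in GLOBAL_REQUIRED if c not in global_lines]
    out += [("global", "present: " + l) for l in global_lines if l.startswith("snmp-server ")]
    for name, lines in ifaces.items():
        if "shutdown" not in lines:  # a shut-down interface needs no further checks
            out += [(name, "missing: " + c) for c in IFACE_REQUIRED if c not in lines]
    return out

if __name__ == "__main__":
    print("\n".join(f"{scope}: {finding}" for scope, finding in audit(SAMPLE)))
```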
A very helpful article I must say, for an average joe like me who just knows some basics of networking this will help a lot in tweaking our company's router to our needs now, though I am thinking of calling in the experts from our Cisco SMARTnet providers to help me set up the things, let's see if I can do things on my own or mess up :-)
Cisco routers are certainly worth the purchase and you should definitely think about it if you have a small or even large business. Cisco routers don't have to be complicated so you shouldn't avoid them if you're worried about the technical part - they will help you in the long run.