Monday, May 08, 2006

Cisco - Cisco AutoSecure Data Sheet



Cisco AutoSecure Data Sheet  [Cisco Network Foundation Protection (NFP)] - Cisco Systems
By incorporating a "one touch" device lockdown process, Cisco AutoSecure enables rapid implementation of security policies and procedures to ensure secure networking services. This new Cisco IOS® Software feature simplifies the security process, thus lowering barriers to the deployment of critical security functionality.

Cisco AutoSecure performs the following functions:1



1. Disables the following Global Services






  • Finger
  • PAD
  • Small Servers
  • Bootp
  • HTTP service
  • Identification Service
  • CDP
  • NTP
  • Source Routing





2. Enables the following Global Services






  • Password-encryption service
  • Tuning of scheduler interval/allocation
  • TCP synwait-time
  • TCP-keepalives-in and tcp-kepalives-out
  • SPD configuration
  • No ip unreachables for null 0





3. Disables the following services per interface






  • ICMP
  • Proxy-Arp
  • Directed Broadcast
  • Disables MOP service
  • Disables icmp unreachables
  • Disables icmp mask reply messages.





4. Provides logging for security






  • Enables sequence numbers & timestamp
  • Provides a console log
  • Sets log buffered size
  • Provides an interactive dialogue to configure the logging server ip address.





5. Secures access to the router






  • Checks for a banner and provides facility to add text to automatically configure:
  • Login and password
  • Transport input & output
  • Exec-timeout
  • Local AAA
  • SSH timeout and ssh authentication-retries to minimum number
  • Enable only SSH and SCP for access and file transfer to/from the router
  • Disables SNMP If not being used





6. Secures the Forwarding Plane






  • Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
  • Anti-spoofing
  • Blocks all IANA reserved IP address blocks
  • Blocks private address blocks if customer desires
  • Installs a default route to NULL 0, if a default route is not being used
  • Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
  • Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,
  • Enables NetFlow on software forwarding platforms




Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)