CISCO IOS Hardening- Keeping Time and Logging


1- Use NTP to synchronize the router's clock to a high-level NTP server

  • Stratum 1 GPS radio
  • Stratum 1 or 2 clock from ISP or NIST

2- Use NTP Authentication

  • clock timezone MST -7
  • ntp authentication-key 1 md5 <SECRETKEY>
  • ntp authenticate
  • ntp update-calendar
  • ntp server x.x.x.x

Review for more information about NTP.

3- Use service timestamps

  • service timestamps debug datetime
  • service timestamps log datetime msec localtime

4- Configure syslog server(s)

  • logging x.x.x.x
  • logging facility local x

5- Decide what to log

  • logging trap informational
  • logging console warnings

6- Decide where to log from

  • logging source-interface loopback0

7- Buffer those messages

  • logging buffered 4096

8- Limit embryonic TCP connections

  • ip tcp synwait-time 10 (30 seconds default)
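
An added example (not part of the original article): a short Python check that audits a saved running-config against the NTP and logging items in the checklist above. The sample config is constructed, and the `ntp trusted-key` and per-server `key` checks go beyond the commands on the page; they rest on the assumption that IOS only enforces NTP authentication toward a server when the key is trusted and named on the `ntp server` line.

```python
import re

# Constructed sample config (not from a real device). It follows the page's
# commands literally; addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
service timestamps debug datetime
service timestamps log datetime msec localtime
ntp authentication-key 1 md5 <SECRETKEY>
ntp authenticate
ntp update-calendar
ntp server 192.0.2.10
logging 192.0.2.20
logging trap informational
logging source-interface Loopback0
logging buffered 4096
"""

# Checklist item -> pattern that must match the start of some config line.
REQUIRED = {
    "ntp authenticate": r"ntp authenticate$",
    "ntp authentication-key": r"ntp authentication-key \d+ md5 \S+",
    "ntp server": r"ntp server \S+",
    "service timestamps log": r"service timestamps log datetime\b",
    "service timestamps debug": r"service timestamps debug datetime\b",
    "syslog server": r"logging (host )?\d{1,3}(\.\d{1,3}){3}\b",
    "logging trap": r"logging trap \S+",
    "logging source-interface": r"logging source-interface \S+",
    "logging buffered": r"logging buffered\b",
}

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [f"missing: {name}" for name, pat in REQUIRED.items()
                if not any(re.match(pat, ln, re.I) for ln in lines)]
    # Assumption beyond the page: a server is only authenticated when its
    # key is defined, marked trusted, and referenced on the server line.
    defined = {m[1] for ln in lines if (m := re.match(r"ntp authentication-key (\d+) ", ln))}
    trusted = {m[1] for ln in lines if (m := re.match(r"ntp trusted-key (\d+)", ln))}
    for ln in lines:
        if not ln.lower().startswith("ntp server "):
            continue
        key = re.search(r"\bkey (\d+)", ln)
        if key is None:
            findings.append(f"unauthenticated: '{ln}' has no key")
        elif key[1] not in defined & trusted:
            findings.append(f"unauthenticated: key {key[1]} is not both defined and trusted")
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG)` reports the `ntp server` line as unauthenticated even though `ntp authenticate` is present.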
