CISCO IOS Hardening- Which services needs to be enabled or disabled on router/L3 Switches

334
CISCO IOS Hardening- Which services needs to be enabled or disabled on router/L3 Switches :-

The following services needs to be enable on router/L3 Switches.

  • #service password-encryption
  • #service tcp-keepalives-in
  • #service tcp-keepalives-out
  • #service timestamps debug datetime
  • #service timestamps log datetime localtime

The following services needs to be disable on router/L3 Switches.

  • #no cdp run
  • #no service config
  • #no ip source-route
  • #no service finger
  • #no ip finger
  • #no service pad
  • #no service tcp-small-servers
  • #no service udp-small-servers
  • #no ip bootp server
  • #no snmp-server
  • #no tftp-server

Related articles:- 

CISCO IOS Hardening- Interface Hardening

CISCO IOS Hardening- Keeping Time and Logging

LEAVE A REPLY

Please enter your comment!
Please enter your name here