Example of a Router Configuration as Generated by the Cisco Auto Secure Feature


As stated in Chapter 6, the Cisco auto secure command offers a simplified way to apply best security practices with very little interaction from the administrator. The administrator is prompted to choose which of the listed access lists auto secure should apply to the Internet-facing interfaces. The default choice adds them all.

Listing A.3 shows a sample router configuration as created by auto secure.

Listing A.3. An Example of a Configuration as Generated by Cisco Auto Secure
no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
no cdp run
no ip bootp server
no ip http server
no ip finger
no ip source-route
no ip gratuitous-arps
no snmp-server
banner k My Banner k
security passwords min-length 6
security authentication failure rate 10 log
enable password 7 XXXXXXXXXXXXX
aaa new-model
aaa authentication login local_auth local
line console 0
 login authentication local_auth
 exec-timeout 5 0
 transport output telnet
line aux 0
 login authentication local_auth
 exec-timeout 10 0
 transport output telnet
line vty 0 4
 login authentication local_auth
 transport input telnet
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timezone msec
logging facility local2
logging trap debugging
service sequence-numbers
logging console critical
logging buffered
int FastEthernet0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
int Serial0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
int Ethernet0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
ip cef
ip access-list extended autosec_iana_reserved_block
 deny ip 1.0.0.0 0.255.255.255 any
 deny ip 2.0.0.0 0.255.255.255 any
 deny ip 5.0.0.0 0.255.255.255 any
 deny ip 7.0.0.0 0.255.255.255 any
 deny ip 23.0.0.0 0.255.255.255 any
 deny ip 27.0.0.0 0.255.255.255 any
 deny ip 31.0.0.0 0.255.255.255 any
 deny ip 36.0.0.0 0.255.255.255 any
 deny ip 37.0.0.0 0.255.255.255 any
 deny ip 39.0.0.0 0.255.255.255 any
 deny ip 41.0.0.0 0.255.255.255 any
 deny ip 42.0.0.0 0.255.255.255 any
 deny ip 49.0.0.0 0.255.255.255 any
 deny ip 50.0.0.0 0.255.255.255 any
 deny ip 58.0.0.0 0.255.255.255 any
 deny ip 59.0.0.0 0.255.255.255 any
 deny ip 60.0.0.0 0.255.255.255 any
 deny ip 70.0.0.0 0.255.255.255 any
 deny ip 71.0.0.0 0.255.255.255 any
 deny ip 72.0.0.0 0.255.255.255 any
 deny ip 73.0.0.0 0.255.255.255 any
 deny ip 74.0.0.0 0.255.255.255 any
 deny ip 75.0.0.0 0.255.255.255 any
 deny ip 76.0.0.0 0.255.255.255 any
 deny ip 77.0.0.0 0.255.255.255 any
 deny ip 78.0.0.0 0.255.255.255 any
 deny ip 79.0.0.0 0.255.255.255 any
 deny ip 83.0.0.0 0.255.255.255 any
 deny ip 84.0.0.0 0.255.255.255 any
 deny ip 85.0.0.0 0.255.255.255 any
 deny ip 86.0.0.0 0.255.255.255 any
 deny ip 87.0.0.0 0.255.255.255 any
 deny ip 88.0.0.0 0.255.255.255 any
 deny ip 89.0.0.0 0.255.255.255 any
 deny ip 90.0.0.0 0.255.255.255 any
 deny ip 91.0.0.0 0.255.255.255 any
 deny ip 92.0.0.0 0.255.255.255 any
 deny ip 93.0.0.0 0.255.255.255 any
 deny ip 94.0.0.0 0.255.255.255 any
 deny ip 95.0.0.0 0.255.255.255 any
 deny ip 96.0.0.0 0.255.255.255 any
 deny ip 97.0.0.0 0.255.255.255 any
 deny ip 98.0.0.0 0.255.255.255 any
 deny ip 99.0.0.0 0.255.255.255 any
 deny ip 100.0.0.0 0.255.255.255 any
 deny ip 101.0.0.0 0.255.255.255 any
 deny ip 102.0.0.0 0.255.255.255 any
 deny ip 103.0.0.0 0.255.255.255 any
 deny ip 104.0.0.0 0.255.255.255 any
 deny ip 105.0.0.0 0.255.255.255 any
 deny ip 106.0.0.0 0.255.255.255 any
 deny ip 107.0.0.0 0.255.255.255 any
 deny ip 108.0.0.0 0.255.255.255 any
 deny ip 109.0.0.0 0.255.255.255 any
 deny ip 110.0.0.0 0.255.255.255 any
 deny ip 111.0.0.0 0.255.255.255 any
 deny ip 112.0.0.0 0.255.255.255 any
 deny ip 113.0.0.0 0.255.255.255 any
 deny ip 114.0.0.0 0.255.255.255 any
 deny ip 115.0.0.0 0.255.255.255 any
 deny ip 116.0.0.0 0.255.255.255 any
 deny ip 117.0.0.0 0.255.255.255 any
 deny ip 118.0.0.0 0.255.255.255 any
 deny ip 119.0.0.0 0.255.255.255 any
 deny ip 120.0.0.0 0.255.255.255 any
 deny ip 121.0.0.0 0.255.255.255 any
 deny ip 122.0.0.0 0.255.255.255 any
 deny ip 123.0.0.0 0.255.255.255 any
 deny ip 124.0.0.0 0.255.255.255 any
 deny ip 125.0.0.0 0.255.255.255 any
 deny ip 126.0.0.0 0.255.255.255 any
 deny ip 197.0.0.0 0.255.255.255 any
 deny ip 201.0.0.0 0.255.255.255 any
 permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
exit
ip access-list extended autosec_private_block
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit ip any any
exit
ip access-list extended autosec_complete_bogon
 deny ip 1.0.0.0 0.255.255.255 any
 deny ip 2.0.0.0 0.255.255.255 any
 deny ip 5.0.0.0 0.255.255.255 any
 deny ip 7.0.0.0 0.255.255.255 any
 deny ip 23.0.0.0 0.255.255.255 any
 deny ip 27.0.0.0 0.255.255.255 any
 deny ip 31.0.0.0 0.255.255.255 any
 deny ip 36.0.0.0 0.255.255.255 any
 deny ip 37.0.0.0 0.255.255.255 any
 deny ip 39.0.0.0 0.255.255.255 any
 deny ip 41.0.0.0 0.255.255.255 any
 deny ip 42.0.0.0 0.255.255.255 any
 deny ip 49.0.0.0 0.255.255.255 any
 deny ip 50.0.0.0 0.255.255.255 any
 deny ip 58.0.0.0 0.255.255.255 any
 deny ip 59.0.0.0 0.255.255.255 any
 deny ip 60.0.0.0 0.255.255.255 any
 deny ip 70.0.0.0 0.255.255.255 any
 deny ip 71.0.0.0 0.255.255.255 any
 deny ip 72.0.0.0 0.255.255.255 any
 deny ip 73.0.0.0 0.255.255.255 any
 deny ip 74.0.0.0 0.255.255.255 any
 deny ip 75.0.0.0 0.255.255.255 any
 deny ip 76.0.0.0 0.255.255.255 any
 deny ip 77.0.0.0 0.255.255.255 any
 deny ip 78.0.0.0 0.255.255.255 any
 deny ip 79.0.0.0 0.255.255.255 any
 deny ip 83.0.0.0 0.255.255.255 any
 deny ip 84.0.0.0 0.255.255.255 any
 deny ip 85.0.0.0 0.255.255.255 any
 deny ip 86.0.0.0 0.255.255.255 any
 deny ip 87.0.0.0 0.255.255.255 any
 deny ip 88.0.0.0 0.255.255.255 any
 deny ip 89.0.0.0 0.255.255.255 any
 deny ip 90.0.0.0 0.255.255.255 any
 deny ip 91.0.0.0 0.255.255.255 any
 deny ip 92.0.0.0 0.255.255.255 any
 deny ip 93.0.0.0 0.255.255.255 any
 deny ip 94.0.0.0 0.255.255.255 any
 deny ip 95.0.0.0 0.255.255.255 any
 deny ip 96.0.0.0 0.255.255.255 any
 deny ip 97.0.0.0 0.255.255.255 any
 deny ip 98.0.0.0 0.255.255.255 any
 deny ip 99.0.0.0 0.255.255.255 any
 deny ip 100.0.0.0 0.255.255.255 any
 deny ip 101.0.0.0 0.255.255.255 any
 deny ip 102.0.0.0 0.255.255.255 any
 deny ip 103.0.0.0 0.255.255.255 any
 deny ip 104.0.0.0 0.255.255.255 any
 deny ip 105.0.0.0 0.255.255.255 any
 deny ip 106.0.0.0 0.255.255.255 any
 deny ip 107.0.0.0 0.255.255.255 any
 deny ip 108.0.0.0 0.255.255.255 any
 deny ip 109.0.0.0 0.255.255.255 any
 deny ip 110.0.0.0 0.255.255.255 any
 deny ip 111.0.0.0 0.255.255.255 any
 deny ip 112.0.0.0 0.255.255.255 any
 deny ip 113.0.0.0 0.255.255.255 any
 deny ip 114.0.0.0 0.255.255.255 any
 deny ip 115.0.0.0 0.255.255.255 any
 deny ip 116.0.0.0 0.255.255.255 any
 deny ip 117.0.0.0 0.255.255.255 any
 deny ip 118.0.0.0 0.255.255.255 any
 deny ip 119.0.0.0 0.255.255.255 any
 deny ip 120.0.0.0 0.255.255.255 any
 deny ip 121.0.0.0 0.255.255.255 any
 deny ip 122.0.0.0 0.255.255.255 any
 deny ip 123.0.0.0 0.255.255.255 any
 deny ip 124.0.0.0 0.255.255.255 any
 deny ip 125.0.0.0 0.255.255.255 any
 deny ip 126.0.0.0 0.255.255.255 any
 deny ip 197.0.0.0 0.255.255.255 any
 deny ip 201.0.0.0 0.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 224.0.0.0 15.255.255.255 any
 deny ip 240.0.0.0 15.255.255.255 any
 deny ip 0.0.0.0 0.255.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
exit
ip access-list extended 100
 permit udp any any eq bootpc
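
The remark in the generated ACLs warns that the reserved-block list might not be up to date. The following is an added example, not part of the book's listing or of Cisco's tooling: it parses the deny entries of such an ACL and separates those that fall inside special-purpose ranges from former "unallocated" /8 entries that should be checked against the IANA registry before the ACL is applied. The function names, the SPECIAL_PURPOSE table and the sample input are assumptions made for the example.

```python
import ipaddress
import re

# Special-purpose IPv4 ranges (RFC 1918, loopback, link-local, "this network",
# TEST-NET-1, multicast, class E). Assumed table, built for this example.
SPECIAL_PURPOSE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]

DENY_RE = re.compile(
    r"^\s*deny\s+ip\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+any\s*$")

# Constructed sample: a few entries copied from autosec_complete_bogon.
SAMPLE_ACL = """\
ip access-list extended autosec_complete_bogon
 deny ip 1.0.0.0 0.255.255.255 any
 deny ip 23.0.0.0 0.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 224.0.0.0 15.255.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 permit ip any any
"""

def wildcard_to_network(base, wildcard):
    """Convert an IOS address/wildcard pair to an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # wildcard bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    addr = int(ipaddress.IPv4Address(base)) & ~wc & 0xFFFFFFFF
    return ipaddress.ip_network((addr, 32 - wc.bit_length()))

def audit_acl(config_text):
    """Split deny entries into (still_special, needs_review) networks."""
    still_special, needs_review = [], []
    for line in config_text.splitlines():
        m = DENY_RE.match(line)
        if not m:
            continue
        net = wildcard_to_network(*m.groups())
        bucket = still_special if any(
            net.subnet_of(sp) for sp in SPECIAL_PURPOSE) else needs_review
        bucket.append(net)
    return still_special, needs_review

if __name__ == "__main__":
    special, review = audit_acl(SAMPLE_ACL)
    print("still special-purpose:", ", ".join(map(str, special)))
    print("check against IANA registry:", ", ".join(map(str, review)))
```

Any network reported in the second list is a deny entry that will drop legitimate traffic if IANA has since allocated that block.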



    Inside Network Perimeter Security
    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    EAN: 2147483647
    Year: 2005
    Pages: 230
