"Brian J. Murrell" wrote:
>
> However, what I am interested in is disabling *all* of the unnecessary
> services on the router. For example
>
> no cdp run
>
> Turns off CDP. Great. How about any others?

It really depends on the version of IOS you are running. For example,
small-servers are enabled by default in 11.x but are off by default in
12.x.

You really have to watch out for this because it can bite you. For
example, a "show running" will produce identical config files on both IOS
versions even though small-servers is active on 11.x but disabled on
12.x. The reason the files look the same is that the config file only
shows _variations_ from the default settings. With this in mind, it's
always a good idea to double-check your config by running a port scan of
the router once you have locked it down.

With that said, try these:

no service tcp-small-servers
no service udp-small-servers
no service finger
no ip bootp server
no ip http server

Based on the above commentary, don't be concerned if you run these
commands but "show running" does not display them. It's that "default
setting" thing mentioned above. A port scan is still a good sanity check,
however.

Additionally, you may also want to run these:

no ip source-route
banner incoming # Unauthorized access of this device is prohibited #
no ip directed-broadcast (from interface config mode)

HTH,
Chris
--
* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/
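
Added example (not part of the original message): a small Python check that works out the effective state of the services named above from a saved "show running" capture and the IOS major version. The function names and the sample config are constructed for illustration, and the defaults table holds only what the message states (small-servers on by default in 11.x, off in 12.x); anything else absent from the config is reported as unknown.

```python
# Added example: why the same "show running" output can mean different
# things on different IOS versions. Defaults come only from the message above.
SMALL_SERVERS_DEFAULT = {11: True, 12: False}

# Command -> {ios_major: enabled_by_default}. An empty dict means the
# message gives no default, so the state cannot be inferred from the config.
SERVICES = {
    "service tcp-small-servers": SMALL_SERVERS_DEFAULT,
    "service udp-small-servers": SMALL_SERVERS_DEFAULT,
    "service finger": {},
    "ip bootp server": {},
    "ip http server": {},
}

# Constructed sample capture; it contains no small-servers lines at all.
SAMPLE_CONFIG = """\
hostname edge-rtr
no cdp run
no ip source-route
interface Ethernet0
 no ip directed-broadcast
"""

def effective_state(config_text, ios_major):
    """Map each service command to its effective state on this IOS version."""
    lines = {line.strip() for line in config_text.splitlines()}
    state = {}
    for cmd, defaults in SERVICES.items():
        if "no " + cmd in lines:
            state[cmd] = "off (explicit)"
        elif cmd in lines:
            state[cmd] = "on (explicit)"
        elif ios_major in defaults:
            state[cmd] = "on (default)" if defaults[ios_major] else "off (default)"
        else:
            state[cmd] = "unknown (verify with port scan)"
    return state

def needs_attention(config_text, ios_major):
    """Services that are on, or whose state the config alone cannot prove."""
    state = effective_state(config_text, ios_major)
    return sorted(cmd for cmd, s in state.items() if not s.startswith("off"))

if __name__ == "__main__":
    for major in (11, 12):
        print("IOS %d.x:" % major)
        for cmd, s in effective_state(SAMPLE_CONFIG, major).items():
            print("  %-28s %s" % (cmd, s))
```

Anything this reports as on or unknown is what the follow-up port scan of the router should confirm is closed.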