Cisco IOS *Not* Secure By Default

This should not be a surprise to other network administrators out there, but the Cisco IOS network device operating system is *not* secure by default. You need to make sure to take extra steps to lock your device down for production use.

There are plenty of good security guides on the web for Cisco IOS security configuration, including quite a few directly from Cisco. I will not try to create a guide here, but here are a few security-relevant settings that were on my mind recently.

  • Proxy ARP is enabled on all interfaces by default. This should be disabled.
    • no ip proxy-arp
  • Source Routing is enabled by default. This should be disabled.
    • no ip source-route
  • CDP is enabled by default. This should be disabled globally (no cdp run) and on each interface (no cdp enable).
    • no cdp run
    • no cdp enable
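
An added example, not part of the original post: a short Python check that reads saved IOS configuration text and reports which of the settings listed above are missing, globally or per interface. It assumes a disabled setting shows up as its `no ...` line in the config text; the function name and sample config are constructed for illustration.

```python
import re

# The settings listed above, split by where IOS expects them.
GLOBAL_REQUIRED = ["no ip source-route", "no cdp run"]
INTERFACE_REQUIRED = ["no ip proxy-arp", "no cdp enable"]

# Constructed sample config for illustration, not from a real device.
SAMPLE_CONFIG = """\
no ip source-route
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
line vty 0 4
 login local
"""

def audit_config(text):
    """Return sorted (scope, missing_command) pairs for an IOS config."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            current = None          # blank line or "!" separator ends a stanza
            continue
        match = re.match(r"interface (\S+)", line)
        if match:                   # start of an interface stanza
            current = match.group(1)
            interfaces[current] = set()
        elif raw[0].isspace():      # indented: belongs to the open stanza
            if current:
                interfaces[current].add(line.strip())
        else:                       # any other top-level command
            current = None
            global_lines.add(line)
    findings = [("global", c) for c in GLOBAL_REQUIRED if c not in global_lines]
    for name, lines in interfaces.items():
        findings += [(name, c) for c in INTERFACE_REQUIRED if c not in lines]
    return sorted(findings)

if __name__ == "__main__":
    for scope, command in audit_config(SAMPLE_CONFIG):
        print(f"{scope}: missing '{command}'")
```
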

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Networking.