Security Basics mailing list archives
RE: Default Services on Ciscos IOS
From: "Morgan, Dwayne J" <MorganD7 () bp com>
Date: Tue, 21 Oct 2003 15:09:33 -0500
Here is a listing I keep in a text file named "cisco-settings.txt". I copy-n-paste this into my 11.x and 12.x Cisco routers from the enable/config terminal. You may have to modify it to fit your needs. You will get an error on one or the other of the "no service finger" or "no ip finger" depending on the IOS router/switch. One of them should take.
From "config t"
no service finger
no ip finger
no service pad
service password-encryption
no service udp-small-servers
no service tcp-small-servers
no cgmp
no ip http server
no snmp-server community private RW
no snmp-server community public RO
no snmp-server chassis-id 0x09
no ip domain-lookup
no snmp-server engineID local xxxxxxxxxxxxxxxxxxx (from your system)

-----Original Message-----
From: erisk [mailto:erisk () iinet net au]
Sent: Tuesday, October 21, 2003 1:54 AM
To: Security-Basics
Subject: Default Services on Ciscos IOS

Hi all,

Can someone clarify this for me re IOS default services...

As stated in the NSA router security guideline, services enabled by default can depend on the IOS version (i.e. small services is enabled by default on 11.2 but disabled on 11.3). This will not necessarily be shown in the config... However it also stated that SNMP is enabled by default on 12.0 (and up ?)...

Now without portscanning and if it is not shown to be turned on in the config how does one know if it is enabled or not....

I know that you should explicitly disable the services, but for my own knowledge is there an URL that can say exactly which IOS version and services are enabled by default?

Thanks,
Trev
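An offline check for the question raised in this thread, added here as an example and not part of either poster's message: it reads a saved configuration and reports, for several lines from the listing above, whether the setting is explicitly stated, contradicted, or not stated at all (in which case the state depends on that IOS version's default). The sample configuration, the function names and the status labels are constructed for illustration.

```python
import re

# Subset of the hardening lines from the listing in this thread.
# "no service finger" / "no ip finger" are alternatives: either one counts.
EXPECTED = [
    ("finger", ("no service finger", "no ip finger")),
    ("pad", ("no service pad",)),
    ("password-encryption", ("service password-encryption",)),
    ("udp-small-servers", ("no service udp-small-servers",)),
    ("tcp-small-servers", ("no service tcp-small-servers",)),
    ("http server", ("no ip http server",)),
    ("domain-lookup", ("no ip domain-lookup",)),
]

def invert(cmd):
    """Return the opposite form of a command ("no X" <-> "X")."""
    return cmd[3:] if cmd.startswith("no ") else "no " + cmd

def audit(config_text):
    """Classify each expected line as explicit, contradicted or unstated."""
    # Global-level lines only: skip blanks, "!" comments and indented sub-commands.
    lines = {l.rstrip() for l in config_text.splitlines()
             if l.strip() and not l.startswith((" ", "!"))}
    report = {}
    for label, accepted in EXPECTED:
        if any(cmd in lines for cmd in accepted):
            report[label] = "explicit"
        elif any(invert(cmd) in lines for cmd in accepted):
            report[label] = "contradicted"
        else:
            report[label] = "unstated"  # falls back to the IOS default
    # Any configured community string means SNMP is answering queries.
    report["snmp communities"] = sorted(re.findall(
        r"^snmp-server community (\S+) (?:RO|RW)\b", config_text, re.M | re.I))
    return report

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
version 12.0
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname lab-rtr
ip http server
snmp-server community public RO
!
end
"""

if __name__ == "__main__":
    for label, status in audit(SAMPLE).items():
        print(f"{label:22} {status}")
```

Every "unstated" entry is a setting whose real state cannot be read from the configuration alone, which is the case for pasting the explicit lines regardless of version.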