Security Basics mailing list archives

RE: Default Services on Ciscos IOS


From: "Morgan, Dwayne J" <MorganD7 () bp com>
Date: Tue, 21 Oct 2003 15:09:33 -0500

Here is a listing I keep in a text file named "cisco-settings.txt". I
copy-n-paste this into my 11.x and 12.x Cisco routers from the enable/config
terminal. You may have to modify to fit your needs. 
You will get an error on one or the other of the "no service finger" or "no
ip finger" depending on the IOS router/switch. One of them should take.

From "config t"
no service finger
no ip finger
no service pad
service password-encryption
no service udp-small-servers
no service tcp-small-servers
no cgmp
no ip http server
no snmp-server community private RW
no snmp-server community public RO
no snmp-server chassis-id 0x09
no ip domain-lookup

no snmp-server engineID local xxxxxxxxxxxxxxxxxxx (from your system)





-----Original Message-----
From: erisk [mailto:erisk () iinet net au]
Sent: Tuesday, October 21, 2003 1:54 AM
To: Security-Basics
Subject: Default Services on Ciscos IOS


Hi all,

Can someone clarify this for me re IOS default services...

As stated in the NSA router security guideline, services enabled by default
can depend on the IOS version (ie small services is enabled by default on
11.2 but disabled on 11.3). This will not necessarily be shown in the
config...However it also stated that SNMP is enabled by default on 12.0 (and
up ?)...

Now without portscanning and if it is not shown to be turned on in the config
how does one know if it is enabled or not.... I know that you should
explicitly disable the services, but for my own knowledge is there a URL
that can say exactly which IOS version and services are enabled by default?

Thanks,
Trev
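
An added example, not part of either message: a short Python check that reads a saved configuration dump and reports, for each command in the list above, whether the service is explicitly enabled, explicitly disabled, or absent from the config, in which case the IOS version's default applies and has to be confirmed separately. The function names and the sample dump are assumptions made for illustration.

```python
# Added example: command spellings are taken from the list in the reply above.
# Each entry: (label, alternative command stems, state the list aims for).
CHECKS = [
    ("finger", ["service finger", "ip finger"], "disabled"),
    ("pad", ["service pad"], "disabled"),
    ("udp-small-servers", ["service udp-small-servers"], "disabled"),
    ("tcp-small-servers", ["service tcp-small-servers"], "disabled"),
    ("http server", ["ip http server"], "disabled"),
    ("domain-lookup", ["ip domain-lookup"], "disabled"),
    ("snmp public/private", ["snmp-server community public",
                             "snmp-server community private"], "disabled"),
    ("password-encryption", ["service password-encryption"], "enabled"),
]

def has(lines, cmd):
    """True if a config line is exactly cmd or cmd followed by arguments."""
    return any(ln == cmd or ln.startswith(cmd + " ") for ln in lines)

def audit(config_text):
    """Return {label: (state, verdict)} for a saved configuration dump."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    report = {}
    for label, stems, wanted in CHECKS:
        if any(has(lines, s) for s in stems):
            state = "enabled"
        elif any(has(lines, "no " + s) for s in stems):
            state = "disabled"
        else:
            state = "unstated"  # not in the config: the IOS default applies
        if state == "unstated":
            verdict = "CHECK DEFAULT"
        else:
            verdict = "ok" if state == wanted else "FIX"
        report[label] = (state, verdict)
    return report

# Constructed sample dump, not taken from a real device.
SAMPLE = """\
!
service password-encryption
no service pad
no ip finger
ip http server
snmp-server community public RO
no ip domain-lookup
!
"""

if __name__ == "__main__":
    for label, (state, verdict) in audit(SAMPLE).items():
        print(f"{label:22} {state:9} {verdict}")
```

Entries reported as CHECK DEFAULT are the case raised in the question: the config is silent, so the answer depends on the IOS version in use.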

