Set ‘login authentication for ‘line tty’
Details Authenticates users who access the router or switch using the TTY port. Solution Configure management lines to require login...
- Home
- Security Hardening
- CIS Cisco IOS 12 L1 V4.0.0
CIS Cisco IOS 12 L1 V4.0.0
Set ‘login authentication for ‘line vty’
Details Authenticates users who access the router or switch remotely through the VTY port. Solution Configure management lines to require...Set maximimum value for ‘ip ssh authentication-retries’
Details The number of retries before the SSH login session disconnects. Solution Configure the SSH timeout: hostname(config)#ip ssh authentication-retries [3]...Set ‘modulus’ to greater than or equal to 2048 for ‘crypto key generate rsa’
Details Use this command to generate RSA key pairs for your Cisco device. RSA keys are generated in pairs–one public...Set ‘no cdp run’
Details Disable Cisco Discovery Protocol (CDP) service at device level. Solution Disable Cisco Discovery Protocol (CDP) service globally. hostname(config)#no cdp...Set ‘no exec’ for ‘line aux 0’
Details The ‘no exec’ command restricts a line to outgoing connections only. NOTE – Line aux 0 does not appear...Set ‘no ip bootp server’
Details Disable the Bootstrap Protocol (BOOTP) service on your routing device. Solution Disable the bootp server. hostname(config)#no ip bootp server...Set ‘no ip identd’
Details Disable the identification (identd) server. Solution Disable the ident server. hostname(config)#no ip identd Supportive Information The following resource is...Set ‘no service dhcp’
Details Disable the Dynamic Host Configuration Protocol (DHCP) server and relay agent features on your router. Solution Disable the DHCP...Set ‘no service pad’
Details Disable X.25 Packet Assembler/Disassembler (PAD) service. Solution Disable the PAD service. hostname(config)#no service pad Supportive Information The following resource...