Set ‘login authentication’ for ‘line vty’
Details: Authenticates users who access the router or switch remotely through the VTY port.
Rationale: Using AAA authentication for interactive...

Set maximum value for ‘ip ssh authentication-retries’
Details: The number of retries before the SSH login session disconnects.
Rationale: This limits the number of times an unauthorized...

Set ‘modulus’ to greater than or equal to 2048 for ‘crypto key generate rsa’
Details: Use this command to generate RSA key pairs for your Cisco device. RSA keys are generated in pairs, one public...

Set ‘no cdp run’
Details: Disable the Cisco Discovery Protocol (CDP) service at device level.
Rationale: The Cisco Discovery Protocol is a proprietary protocol that...

Set ‘no exec’ for ‘line aux 0’
Details: The ‘no exec’ command restricts a line to outgoing connections only.
Rationale: Unused ports should be disabled, if not...

Set ‘no ip bootp server’
Details: Disable the Bootstrap Protocol (BOOTP) service on your routing device.
Rationale: BootP allows a router to issue IP addresses....

Set ‘no ip identd’
Details: Disable the identification (identd) server.
Rationale: The identification protocol enables identifying a user’s Transmission Control Protocol (TCP) session. This information...

Set ‘no service dhcp’
Details: Disable the Dynamic Host Configuration Protocol (DHCP) server and relay agent features on your router.
Rationale: The DHCP server...

Set ‘no service dhcp’ – dhcp pool
Details: Disable the Dynamic Host Configuration Protocol (DHCP) server and relay agent features on your router.
Rationale: The DHCP server...

Set ‘no snmp-server’ to disable SNMP when unused
Details: If not in use, disable Simple Network Management Protocol (SNMP) read and write access.
Rationale: SNMP read access allows...