Router Enhanced Security Configuration Service Name Service Content
Global service configuration: By examining the configuration of backbone routers on backbone nodes, and in combination with actual needs, opening certain necessary services or closing some unnecessary services. For example: no service fingerprintno service pad, etc.
Interface service configuration checks the router according to the basic configuration plan formulated, and removes certain unnecessary IP features, such as: no ip redire ctsno ip drected-broadcast
CDP configuration Configure the router's CDP based on the characteristics of the ISP network and the well-developed plan.
Login Banner configuration Modify login banner to hide the real information of the router system. `
Enable secret configuration Use enable secret to encrypt secret passwords.
Nagle configuration improves security through Nagle configuration and also improves the performance of the router's telnet session.
Ident configuration increases router security through the identifier configuration.
Timeout configuration Configure VTY and Console timeout to increase system access security.
Access Control Configuration Increase system access security by configuring the Access List of the VTY port.
VTY access configuration Configure the access method of VTY, such as SSH, to increase the security of system access.
User Verification Configuration Configure user verification methods to enhance security of system access.
AAA mode configuration Configure AAA mode to increase user access security.
Routing Command Audit Configuration Configure AAA command accounting to enhance system access security.
Ingress and Egress routing filtering Configure Ingress and Egress on the border router
Ingress and Egress packet filtering prevent illegal IP addresses from being accepted by configuring Ingress packet filtering; prevent illegal IP addresses from being transmitted by configuring Egress packet filtering, and will also solve the problem of balance between filtering rules and performance.
Unicast RPF configuration Enhance the security of the ISP itself by configuring Unicast RPF to protect ISP customers. The service provides Unicast RPF configurations for Single Homed rental line customers, PSTN/ISDN/xDSL customers or Multihomed rental line customers.
Routing protocol verification configuration Configure the adjacent router verification protocol to ensure the exchange of reliable routing information. You can configure plaintext verification or MD5 verification for encryption.
CAR configuration Configure the router CAR function to prevent SMURF attacks.
More advanced security configurations are provided based on specific circumstances. Article entry: csh Editor in charge: csh
Global service configuration: By examining the configuration of backbone routers on backbone nodes, and in combination with actual needs, opening certain necessary services or closing some unnecessary services. For example: no service fingerprintno service pad, etc.
Interface service configuration checks the router according to the basic configuration plan formulated, and removes certain unnecessary IP features, such as: no ip redire ctsno ip drected-broadcast
CDP configuration Configure the router's CDP based on the characteristics of the ISP network and the well-developed plan.
Login Banner configuration Modify login banner to hide the real information of the router system. `
Enable secret configuration Use enable secret to encrypt secret passwords.
Nagle configuration improves security through Nagle configuration and also improves the performance of the router's telnet session.
Ident configuration increases router security through the identifier configuration.
Timeout configuration Configure VTY and Console timeout to increase system access security.
Access Control Configuration Increase system access security by configuring the Access List of the VTY port.
VTY access configuration Configure the access method of VTY, such as SSH, to increase the security of system access.
User Verification Configuration Configure user verification methods to enhance security of system access.
AAA mode configuration Configure AAA mode to increase user access security.
Routing Command Audit Configuration Configure AAA command accounting to enhance system access security.
Ingress and Egress routing filtering Configure Ingress and Egress on the border router
Ingress and Egress packet filtering prevent illegal IP addresses from being accepted by configuring Ingress packet filtering; prevent illegal IP addresses from being transmitted by configuring Egress packet filtering, and will also solve the problem of balance between filtering rules and performance.
Unicast RPF configuration Enhance the security of the ISP itself by configuring Unicast RPF to protect ISP customers. The service provides Unicast RPF configurations for Single Homed rental line customers, PSTN/ISDN/xDSL customers or Multihomed rental line customers.
Routing protocol verification configuration Configure the adjacent router verification protocol to ensure the exchange of reliable routing information. You can configure plaintext verification or MD5 verification for encryption.
CAR configuration Configure the router CAR function to prevent SMURF attacks.
More advanced security configurations are provided based on specific circumstances. Article entry: csh Editor in charge: csh