– Disable unneeded services: By default, Cisco devices implement multiple TCP and
User Datagram Protocol (UDP) servers to facilitate management and integration into
existing environments. For most installations, these services are not required, and
disabling them can greatly reduce overall security exposure. These commands disable
the services not typically used:
no service tcp-small-servers
no service finger
no service config
– Configure basic logging: To assist and simplify both problem troubleshooting and
security investigations, monitor the switch subsystem information received from the
logging facility. View the output in the on-system logging buffer memory. To render
the on-system logging useful, increase the default buffer size.
– Encrypt passwords: The configuration file contains many passwords in plaintext.
Using the service password-encryption command in global configuration mode will
provide a simple encryption algorithm to help secure these passwords.
70 Chapter 2: Medium-Sized Switched Network Construction
Securing Switch Protocols
Follow these recommended practices to secure the switch protocols:
– Manage Cisco Discovery Protocol: Cisco Discovery Protocol does not reveal
security-specific information, but it is possible for an attacker to exploit this
information in a reconnaissance attack, whereby an attacker learns device and IP
address information to launch other types of attacks.
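The following is an added example, not code from the book, that audits a saved IOS configuration text against the hardening items above (unneeded services, a sized logging buffer, password encryption) and the Cisco Discovery Protocol item: it reports which recommended lines are absent and lists any password lines still stored in the clear. The sample configuration is constructed; the checker assumes the explicit "no ..." lines should be present (defaults differ between IOS releases and are not shown in a saved config) and assumes CDP is not needed on the switch at all.

```python
import re
from typing import List, Tuple

# Constructed sample running-config excerpt (not from the book). It is only
# partly hardened so that the audit has something to report.
SAMPLE_CONFIG = """\
hostname SwitchA
no service tcp-small-servers
no service config
logging buffered 16384
enable password cisco123
no cdp run
"""

# (finding label, regex a config line must match, line that satisfies the check).
# Assumption: a missing explicit line is reported as a finding, because the
# default for these services varies by IOS release and is not visible here.
CHECKS: List[Tuple[str, str, str]] = [
    ("TCP small servers enabled",     r"^no service tcp-small-servers$", "no service tcp-small-servers"),
    ("finger service enabled",        r"^no service finger$",            "no service finger"),
    ("service config enabled",        r"^no service config$",            "no service config"),
    ("logging buffer not sized",      r"^logging buffered \d+$",         "logging buffered <size>"),
    ("passwords stored in plaintext", r"^service password-encryption$",  "service password-encryption"),
    ("CDP running globally",          r"^no cdp run$",                   "no cdp run"),
]


def audit_config(config: str) -> List[Tuple[str, str]]:
    """Return (finding, remediation) pairs for hardening lines absent from config."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    for label, pattern, remedy in CHECKS:
        if not any(re.match(pattern, ln) for ln in lines):
            findings.append((label, remedy))
    return findings


def plaintext_passwords(config: str) -> List[str]:
    """Config lines whose password value is not type-7 encoded (IOS writes
    'password 7 <hex>' once service password-encryption has been applied)."""
    clear = re.compile(r"\bpassword (?!7 )(?:0 )?\S+")
    return [ln.strip() for ln in config.splitlines() if clear.search(ln)]


if __name__ == "__main__":
    for label, remedy in audit_config(SAMPLE_CONFIG):
        print(f"FINDING: {label:32s} -> add: {remedy}")
    for ln in plaintext_passwords(SAMPLE_CONFIG):
        print(f"CLEARTEXT: {ln}")
```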