Careful consideration should be given to activating these services and protocols with a hardened configuration.
Cisco IOS Resilient Configuration
In IOS Version 12.3T, a new feature was introduced to maintain at all times a secure working copy of the router IOS image and the startup configuration. In the event of network downtime due to a compromise or any other disaster, the last thing to worry about is finding a valid copy of the IOS image and the configuration file. Time spent recovering from such a catastrophe is critical, and speedy recovery is of utmost priority. The Cisco IOS Resilient Configuration feature enables a router to secure a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash). These secure files are protected by the IFS (IOS File System) and cannot be removed by the user. This set of IOS image and router running configuration is referred to as the primary bootset.
To enable the IOS Resilient Configuration feature, use the secure boot-image command in global configuration mode to enable IOS image resilience. Use the secure boot-config command to store a secure copy of the primary bootset in persistent storage.
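As an added example (not from the original text), the following Python script audits saved router configurations for the two commands described above and reports which half of the primary bootset is unprotected. It assumes each command appears as its own unindented line in a saved configuration when enabled; the hostnames and sample configurations are constructed.

```python
import re

# Global-configuration commands named in the text above. Assumption: each one
# appears as its own unindented line in a saved configuration when active.
REQUIRED = {
    "secure boot-image": "IOS image resilience",
    "secure boot-config": "configuration resilience",
}

def audit_config(text):
    """Return (hostname, [missing commands]) for one saved configuration."""
    hostname = "unknown"
    seen = set()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comment separators
        m = re.match(r"hostname\s+(\S+)$", line)
        if m:
            hostname = m.group(1)
        # Exact match on unindented lines only: indented lines belong to a
        # sub-mode (for example an interface description) and do not count.
        if line in REQUIRED:
            seen.add(line)
    missing = [cmd for cmd in REQUIRED if cmd not in seen]
    return hostname, missing

def audit_fleet(configs):
    """Map hostname -> missing commands, listing only non-compliant routers."""
    findings = {}
    for text in configs:
        host, missing = audit_config(text)
        if missing:
            findings[host] = missing
    return findings

# Constructed sample configurations (not taken from real devices).
SAMPLE_CONFIGS = [
    "version 12.3\nhostname edge-rtr-1\n!\nsecure boot-image\nsecure boot-config\n!\nend\n",
    "version 12.3\nhostname edge-rtr-2\n!\nsecure boot-image\n!\nend\n",
    "version 12.3\nhostname lab-rtr-3\n!\ninterface FastEthernet0/0\n"
    " description secure boot-config pending\n!\nend\n",
]

if __name__ == "__main__":
    for host, missing in audit_fleet(SAMPLE_CONFIGS).items():
        print(f"{host}: missing {', '.join(missing)}")
```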