SNMP provides a means to monitor and control network
devices and to manage configurations, statistics collection, and performance monitoring. SNMP is an application layer protocol
that facilitates the exchange of management information between network devices. SNMP uses UDP ports 161 and 162.
Like other management protocols, SNMP is vulnerable to a variety of security threats. Numerous guidelines exist for configuring
SNMP. If SNMP is not required in the network, it should be disabled on all devices.
Auto-Secure Feature
There are a number of services available on Cisco devices, as discussed in earlier sections. It is a very difficult task to monitor
and maintain the security level and to identify each service. To help with this task, Cisco IOS introduced a single CLI command,
called Auto-Secure , which performs the following functions:
Disables common IP services that can be exploited for network attacks
Enables IP services and features that can aid in the defense of a network when under attack
In addition, this feature simplifies the security configuration of a router and hardens the router configuration. Auto-Secure is valuable feature for people without special security operations applications, because it allows them to quickly secure their
network without thorough knowledge of all the Cisco IOS security features.
Pages:
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152