Alright, the other day I provided a list of features that can be used to harden the Cisco router, and I am going to finish it here today with the commands.
For PAM (Port to Application Mapping) to work, you can issue the commands below:
config t
ip port-map smtp port 2525
exit
This maps SMTP, whose standard port is 25, to the non-standard port 2525. You can also attach an access list to restrict the mapping to specific hosts or users of the SMTP server by adding list xx (where xx is the access-list number) at the end of the ip port-map command.
Cisco Firewall comes with a basic IDS configuration by default. However, you can always add more signatures and advanced configuration settings to thwart attacks. For IPS and IDS configuration, refer to the link below for a more detailed step-by-step explanation:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c6.html
Setting up an authentication proxy on the Cisco router using TACACS+. This requires users to authenticate first before their traffic is allowed to the internet.
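config t
! enable AAA and point login authentication and auth-proxy authorization at TACACS+
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
! TACACS+ server and shared key (sample value; use a strong key that matches the server)
tacacs-server host 192.168.1.4
tacacs-server key cisco
! define the auth-proxy rule for HTTP and apply it to the interface
ip auth-proxy name httpAuthentication http
interface Ethernet0/1
ip auth-proxy httpAuthentication
exit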
Use the show ip auth-proxy cache command to check user statistics. A sample configuration can be found below:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009466e.shtml
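An added example, not part of the original post or of Cisco's documentation: a small Python check that reads a saved running-config and reports gaps in the auth-proxy setup described above (missing AAA or TACACS+ lines, a rule that is defined but never applied, a guessable shared key). The sample config, the WEAK_KEYS list and the function name audit_auth_proxy are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the post): the login method
# list is missing and the shared key is the post's sample value "cisco".
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization auth-proxy default group tacacs+
tacacs-server host 192.168.1.4
tacacs-server key cisco
ip auth-proxy name httpAuthentication http
interface Ethernet0/1
 ip auth-proxy httpAuthentication
"""
WEAK_KEYS = {"cisco", "password", "tacacs", "secret"}  # assumed deny-list
REQUIRED = ("aaa new-model", "aaa authentication login",
            "aaa authorization auth-proxy", "tacacs-server host",
            "tacacs-server key")

def audit_auth_proxy(config):
    """Return findings for the auth-proxy part of an IOS configuration."""
    findings, defined, applied, iface = [], set(), {}, None
    lines = config.splitlines()
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):      # column 0: back at global level
            iface = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip auth-proxy name (\S+) http", line):
            defined.add(m.group(1))      # rule definition
        elif iface and (m := re.match(r"ip auth-proxy (\S+)$", line)):
            applied[iface] = m.group(1)  # rule bound to an interface
        elif m := re.match(r"tacacs-server key (?:0 )?(\S+)$", line):
            if m.group(1).lower() in WEAK_KEYS:
                findings.append("weak TACACS+ shared key")
    for needed in REQUIRED:
        if not any(l.strip().startswith(needed) for l in lines):
            findings.append(f"missing: {needed}")
    for name in sorted(defined - set(applied.values())):
        findings.append(f"rule {name} defined but not applied")
    for ifc, name in applied.items():
        if name not in defined:
            findings.append(f"{ifc} applies undefined rule {name}")
    return findings

if __name__ == "__main__":
    for finding in audit_auth_proxy(SAMPLE_CONFIG):
        print(finding)
```

The check expects the one-space indentation that show running-config uses for interface sub-commands, and it only inspects keys stored in clear text.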
Saturday, 24 March 2007
Other Cisco Security Router features.
06.28