Router Security Configuration Guide, Version 1.0g (UNCLASSIFIED)

| Feature | Description | Default | Recommendation |
|---|---|---|---|
| HTTP server | Some Cisco IOS devices offer web-based configuration. | Varies by device | If not in use, explicitly disable, otherwise restrict access. |
| Bootp server | Service to allow other routers to boot from this one. | Enabled | This is rarely needed and may open a security hole, disable it. |
| Configuration auto-loading | Router will attempt to load its configuration via TFTP. | Disabled | This is rarely used, disable it if it is not in use. |
| IP source routing | IP feature that allows packets to specify their own routes. | Enabled | This rarely-used feature can be helpful in attacks, disable it. |
| Proxy ARP | Router will act as a proxy for layer 2 address resolution. | Enabled | Disable this, unless the router is serving as a LAN bridge. |
| IP directed broadcast | Packets can identify a target LAN for broadcasts. | Enabled | Directed broadcast can be used for attacks, disable it. |
| Classless routing behavior | Router will forward packets with no concrete route. | Enabled | Certain attacks can benefit from this: disable it unless your net requires it. |
| IP subnet zero support | Router will support the illegal zero-bit mask. | Disabled | Explicitly disable this. |
| IP unreachable notifications | Router will explicitly notify senders of incorrect IP addresses. | Enabled | Can aid network mapping, disable on interfaces to untrusted networks. |
| IP mask reply | Router will send an interface’s IP address mask in response to an ICMP mask request. | Disabled | Can aid IP address mapping; explicitly disable on interfaces to untrusted networks. |
| IP redirects | Router will send an ICMP redirect message in response to certain routed IP packets. | Enabled | Can aid network mapping, disable on interfaces to untrusted networks. |
| NTP service | Router can act as a time server for other devices and hosts. | Enabled if NTP is in use | If not in use, explicitly disable, otherwise restrict access. |
| Simple Network Mgmt. Protocol | Routers can support SNMP remote query and configuration. | Enabled | If not in use, explicitly disable, otherwise restrict access. |
| Domain Name Service | Routers can perform DNS name resolution. | Enabled (broadcast) | Set the DNS server address explicitly, or disable DNS. |
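As an added example (not part of the guide), the following Python check reads a router running-config and reports which of the table's default-enabled features lack an explicit `no` command. The IOS command strings, the global versus per-interface split, and the sample config are assumptions supplied here, since the table itself lists no commands.

```python
import re

# (feature as named in the table, per-interface?, "no" form expected in config)
# Command strings and scope are IOS syntax assumed here, not taken from the table.
RULES = [
    ("Bootp server", False, "no ip bootp server"),
    ("IP source routing", False, "no ip source-route"),
    ("Classless routing behavior", False, "no ip classless"),
    ("Proxy ARP", True, "no ip proxy-arp"),
    ("IP directed broadcast", True, "no ip directed-broadcast"),
    ("IP unreachable notifications", True, "no ip unreachables"),
    ("IP redirects", True, "no ip redirects"),
]

def parse_config(text):
    """Map each scope (None = global, else interface name) to its command set."""
    scopes, cur = {None: set()}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):      # unindented line opens a new scope
            m = re.match(r"interface\s+(\S+)", line)
            cur = m.group(1) if m else None
        scopes.setdefault(cur, set()).add(line.strip())
    return scopes

def audit(text):
    """Return (scope, feature, missing command) for each unmet recommendation."""
    findings = []
    for scope, cmds in parse_config(text).items():
        if scope and "shutdown" in cmds:  # administratively down interface: skip
            continue
        for feature, per_iface, cmd in RULES:
            if per_iface == (scope is not None) and cmd not in cmds:
                findings.append((scope or "global", feature, cmd))
    return findings

# Constructed sample running-config, not taken from the guide.
SAMPLE = """\
no ip source-route
no ip bootp server
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
 no ip directed-broadcast
 no ip redirects
!
interface Serial0
 no ip address
 shutdown
"""
```

The check relies on the defaults the table lists; on a software release whose defaults differ, the `no` form may not appear in the running-config and the rule list needs adjusting. It flags every active interface, so findings on interfaces facing trusted networks or LAN bridges still need the judgment the table's recommendations call for.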