07 February 2010

Configuration Example by NSA

The configuration listing below shows the configuration
commands for disabling typical unneeded services.

! ----- IP and network services section
no cdp run
no ip source-route
no service tcp-small-serv
no service udp-small-serv
no ip finger
no service finger
no ip bootp server
!
no service pad
no ip http server
no ip name-server
no ip domain-lookup
! ----- Boot control section
no boot network
no service config
! ----- SNMP Section (for totally disabling SNMP)
! disable SNMP trap and system-shutdown features
no snmp-server enable traps
no snmp-server system-shutdown
no snmp-server trap-auth
! turn off SNMP altogether
no snmp-server
! ----- Per-interface services section
interface eth 0/0
description Outside interface to 14.1.0.0/16 net
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no mop enabled
ntp disable
!
interface eth 0/1
description Inside interface to 14.2.9.0/24 net
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no mop enabled
ntp disable
!
interface eth 0/2
description Unused interface
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
no mop enabled
ntp disable
shutdown
!
interface loopback0
description Loopback interface for service bindings
no ip proxy-arp
no ip directed-broadcast
no ip unreachable
no ip redirect
ntp disable
!
end

NOTE: This is a simple example; it does not include every recommended option.

by NSA [National Security Agency]
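Added example (not part of the NSA listing or the original post): a small Python check that reads a configuration file and reports interface blocks missing any of the per-interface commands from the listing above, or an interface described as unused that is not shut down. The function names are hypothetical, the keyword-abbreviation matching is a simplification of how IOS parses commands, and the check only looks for commands that appear explicitly in the text it is given.

```python
# Per-interface commands from the listing, with keywords written out in full.
REQUIRED = ["no ip proxy-arp", "no ip directed-broadcast", "no ip unreachables",
            "no ip redirects", "no mop enabled", "ntp disable"]

def matches(line, required):
    """Compare token by token, accepting IOS-style abbreviated keywords."""
    a, b = line.split(), required.split()
    return len(a) == len(b) and all(f.startswith(t) for t, f in zip(a, b))

def parse_interfaces(config):
    """Return {interface name: [subcommands]}; a block ends at '!' or 'end'."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if line.startswith("interface "):
            current = line[len("interface "):]
            blocks[current] = []
        elif line.startswith("!") or line == "end":
            current = None
        elif line and current is not None:
            blocks[current].append(line)
    return blocks

def audit(config):
    """Return {interface: [missing commands]} for interfaces with gaps."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        # The listing's loopback block carries no MOP command, so skip it there.
        wanted = [r for r in REQUIRED if not ("mop" in r and name.startswith("loopback"))]
        missing = [r for r in wanted if not any(matches(c, r) for c in cmds)]
        unused = any(c.startswith("description") and "unused" in c for c in cmds)
        if unused and "shutdown" not in cmds:
            missing.append("shutdown")
        if missing:
            findings[name] = missing
    return findings

# Constructed sample: two commands merged on one line, and no shutdown.
SAMPLE = """interface eth 0/2
 description Unused interface
 no ip proxy-arp no ip directed-broadcast
 no ip unreachable
 no ip redirect
 no mop enabled
 ntp disable
!"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A line that runs two commands together is counted as neither command, so both are reported as missing for that interface.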
