Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Some important router commands
1. Some important commands, useful to protect your router from layesr 1 attacks..
Disable unused interfaces.
Router (config)# interface
Router (config-if)#shutdown
2.Turn off CDP
Router (config)#no cdp run
3.Turn off Bootp
Router (config)#no ip bootp server
4.Turn off small servers
Router (config)#no service tcp-small-server
Router (config)#no service udp-small-server
5.Turn off FTP server
Router (config)#no ftp server enable
6.Turn off TFTP server
Router (config)#no tftp server enable
7.Turn off NTP server.
Router (config)#no ntp server
8.Turn off service pad
Router (config)#no service pad
9.Turn off finger service
Router (config)#no ip finger
10.Use complex password for snmp string and it must be configured as RO
11.SDM
Use https only
Router (config)#no ip http server
Router (config)#ip http secure-server
12.For the untrusted interfaces
Router (config)#interface
Router (config-if)#no ip redirects
2. Router (config-if)#no ip unreachables
Router (config)#no ip source-route
Router (config)#no ip domain look-up
13.Turn on keepalives.
Router (config)#service tcp-keepalives-in
Router (config)#service tcp-keepalives-out
14.Turn off gratuitous arps
Router (config)#no ip gratuitous-arps
15.Turn off proxy arp
Router (config)#interface (untrusted)
Router (config-if)#no ip proxy-arp
16.Turn off ip directed broadcast.
Router (config)#interface (untrusted)
Router (config-if)#no ip directed-broadcast
Some important commands, useful to protect your router from layesr 1 attacks.
Disable unused interfaces.
Router (config)# interface
Router (config-if)#shutdown
2.Turn off CDP
Router (config)#no cdp run
3.Turn off Bootp
Router (config)#no ip bootp server
4.Turn off small servers
Router (config)#no service tcp-small-server
Router (config)#no service udp-small-server
5.Turn off FTP server
Router (config)#no ftp server enable
6.Turn off TFTP server
Router (config)#no tftp server enable
7.Turn off NTP server.
Router (config)#no ntp server
3. 8.Turn off service pad
Router (config)#no service pad
9.Turn off finger service
Router (config)#no ip finger
10.Use complex password for snmp string and it must be configured as RO
11.SDM
Use https only
Router (config)#no ip http server
Router (config)#ip http secure-server
12.For the untrusted interfaces
Router (config)#interface
Router (config-if)#no ip redirects
Router (config-if)#no ip unreachables
Router (config)#no ip source-route
Router (config)#no ip domain look-up
13.Turn on keepalives.
Router (config)#service tcp-keepalives-in
Router (config)#service tcp-keepalives-out
14.Turn off gratuitous arps
Router (config)#no ip gratuitous-arps
15.Turn off proxy arp
Router (config)#interface (untrusted)
Router (config-if)#no ip proxy-arp
16.Turn off ip directed broadcast.
Router (config)#interface (untrusted)
Router (config-if)#no ip directed-broadcast
