Securing Cisco IOS

Best Practices and Securing Cisco IOS

hostname Rooter
ip domain-name
crypto key generate rsa modulus 2048
ip ssh time-out 120
ip ssh version 2
ip scp server enable
login block-for 300 attempts 4 within 120
login delay 2
login on-failure log
login on-success log
username admin privilege 15 secret 0 cisco
aaa new-model
aaa authentication login default local-case
aaa authorization exec default local if-authenticated
ip access-list extended VTY-in
 remark == Network Engineering VPNs
 permit ip any
 remark == Network Management Servers
 permit ip any
line con 0
 logging synchronous
 transport preferred none
 escape-character 3
line aux 0
 exec-timeout 0 1
 no exec
 transport output none
line vty 0 15
 access-class VTY-in in
 logging synchronous
 transport preferred none
 transport input ssh
 escape-character 3
no ip source-route
ip options drop
no ip http server
no ip http secure-server
no service tcp-small-servers
no service udp-small-servers
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
no service dhcp
no ip bootp server
no ip finger
no ip identd
no service config
no lldp run global
no mop enabled
no service pad
banner login ^
You have logged on to a COMPANY proprietary device.

This device may be used only for the authorized business purposes
of COMPANY. Anyone found using this device or its information for
any unauthorized purpose may be subject to disciplinary action
and/or prosecution. Have a nice day! :)
^
snmp-server location HQ
! Standard numbered ACL restricting which hosts may poll SNMP
access-list 60 remark == SNMP RO
access-list 60 remark -ServerName
access-list 60 permit
access-list 60 deny any log
! SNMP v2
snmp-server community r0u73rj0ck3y RO 60
! SNMP v3 <-- More Secure
! The group must exist before the user is bound to it; sha/aes are stronger than md5/3des where the platform supports them
snmp-server group PRIVGROUP v3 priv access 60
snmp-server user snmpv3user PRIVGROUP v3 auth md5 authpassword priv 3des privpassword access 60
logging host
service timestamps log datetime localtime msec show-timezone
ntp server preferred
ntp server
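An added example, not from the post: a small Python audit that parses a saved running-config into global lines and line/ACL sections (skipping banner text) and reports which of the hardening settings above are missing, which forbidden settings are present, and whether every VTY block is SSH-only with an access-class. The `WEAK` sample config, the check lists and all function names are constructed for this example.

```python
import re

# Global lines the hardened config above requires; checked for exact presence.
REQUIRED = ["ip ssh version 2", "no ip http server", "no ip source-route", "service password-encryption"]
# Patterns that must not appear: cleartext/type-7 user passwords, RW communities, small servers.
FORBIDDEN = [re.compile(p) for p in (r"^username \S+ (privilege \d+ )?password ",
                                     r"^snmp-server community \S+ RW", r"^service (tcp|udp)-small-servers$")]

def parse(config):
    """Return (global lines, {section header: [indented child lines]}); banner bodies are skipped."""
    config = re.sub(r"(?m)^banner \w+ (\S)[\s\S]*?\1", "", config)  # free text between delimiters
    glob, sections, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # blank lines and comments
            continue
        if raw.startswith(" ") and cur is not None:  # indented: belongs to the current section
            sections[cur].append(line)
        else:
            cur = line
            sections[cur] = []
            glob.append(line)
    return glob, sections

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    glob, sections = parse(config)
    findings = [f"missing: {r}" for r in REQUIRED if r not in glob]
    findings += [f"forbidden: {l}" for l in glob for p in FORBIDDEN if p.match(l)]
    for hdr, body in sections.items():
        if hdr.startswith("line vty"):  # every VTY block must be SSH-only and ACL-restricted
            if "transport input ssh" not in body:
                findings.append(f"{hdr}: transport input is not ssh-only")
            if not any(l.startswith("access-class ") for l in body):
                findings.append(f"{hdr}: no access-class applied")
    return findings

# Constructed sample of a weak config (not from the post) to exercise the checks.
WEAK = """\
ip http server
snmp-server community public RW
username admin privilege 15 password 0 cisco
banner login ^
access-class VTY-in in appears here only as banner text
^
line vty 0 4
 transport input telnet ssh
"""
if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

Run it against the output of `show running-config` saved to a file; the banner regex also demonstrates why the closing delimiter matters, since an unterminated banner would swallow the rest of the config.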