The SDM security audit feature compares router configurations to a predefined checklist of best practices based on ICSA and Cisco TAC recommendations. Examples of what the audit covers include, but are not limited to, the following:

- Shuts down unneeded servers on the router. These servers include BOOTP, finger, and the TCP/UDP small servers.
- Shuts down unneeded services on the router. These services include CDP, ip source-route, and ip classless.
- Applies a firewall to the outside interfaces.
- Disables SNMP or enables it with hard-to-guess community strings.
- Shuts down unused interfaces using no ip proxy-arp.
- Forces passwords for the router console and VTY lines.
- Forces an enable secret password.
- Enforces the use of ACLs.
Security Audit has two modes:

- Security Audit – Examines the router configuration, then displays the Report Card screen, which lists the possible security problems found. The administrator can then pick and choose which vulnerabilities to lock down.
- One-step lockdown – Initiates the automatic lockdown using the recommended settings.
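To make the two modes concrete, the following is an added example (not SDM's own code) of a small checker that audits an IOS-style configuration against a subset of the checklist above and produces a report card, plus a lockdown routine that applies the fixes automatically. The sample configuration is constructed, the weak-community list and the eight-character minimum are assumptions, and the checker requires the hardening commands (such as `no cdp run`) to appear explicitly in the configuration rather than reasoning about IOS defaults. The lockdown deliberately leaves password and enable-secret findings to the administrator, since a tool should not invent credentials.

```python
"""Audit an IOS-style configuration against a hardening checklist, in the
spirit of the SDM Security Audit report card, then apply the fixes the
way a one-step lockdown would.

Added example, not SDM's own code. The sample config is constructed, and
the checker assumes hardening is expressed as explicit commands in the
config (e.g. 'no cdp run') rather than reasoning about IOS defaults.
"""
import re

# Global commands the audit expects to see explicitly (subset of the checklist).
HARDENING_COMMANDS = [
    "no ip bootp server", "no ip finger",
    "no service tcp-small-servers", "no service udp-small-servers",
    "no cdp run", "no ip source-route",
]
WEAK_COMMUNITIES = {"public", "private", "cisco"}  # constructed list (assumption)


def parse_config(text):
    """Split a config into top-level commands and their indented sub-blocks."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None          # '!' separators end the current block
            continue
        if line.startswith(" "):
            if current is not None:
                blocks[current].append(line.strip())
        else:
            top.append(line)
            current = line
            blocks.setdefault(current, [])
    return top, blocks


def _weak_community(line):
    """Return the community string if this line configures a weak one."""
    m = re.match(r"snmp-server community (\S+)", line)
    if m and (m.group(1).lower() in WEAK_COMMUNITIES or len(m.group(1)) < 8):
        return m.group(1)
    return None


def audit(text):
    """Return the report card: a list of findings (empty means clean)."""
    top, blocks = parse_config(text)
    findings = [f"missing hardening command: {c}" for c in HARDENING_COMMANDS if c not in top]
    findings += [f"weak SNMP community '{c}'" for c in map(_weak_community, top) if c]
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("enable secret not set")
    acl_applied = False
    for header, body in blocks.items():
        if header.startswith("interface "):
            acl_applied |= any(l.startswith("ip access-group ") for l in body)
            if "shutdown" not in body and "no ip proxy-arp" not in body:
                findings.append(f"{header}: proxy ARP not disabled")
        elif header.startswith(("line con", "line vty")):
            if not any(l.startswith("password ") or l == "login local" for l in body):
                findings.append(f"{header}: no password configured")
    if not acl_applied:
        findings.append("no ACL applied to any interface")
    return findings


def one_step_lockdown(text):
    """Rewrite the config with the service, SNMP and proxy-ARP fixes applied."""
    top, blocks = parse_config(text)
    out = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if _weak_community(line):
            continue                      # drop weak SNMP community lines
        out.append(line)
        body = blocks.get(line)
        if line.startswith("interface ") and body is not None \
                and "shutdown" not in body and "no ip proxy-arp" not in body:
            out.append(" no ip proxy-arp")   # insert directly under the header
    out += [c for c in HARDENING_COMMANDS if c not in top]  # append missing globals
    return "\n".join(out) + "\n"


# Constructed sample configuration (the enable secret hash is a placeholder).
SAMPLE_CONFIG = """\
!
hostname R1
!
enable secret 5 $PLACEHOLDER-HASH$
!
no ip bootp server
no ip source-route
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no ip proxy-arp
!
access-list 101 deny ip any any
snmp-server community public RO
!
line con 0
 password cisco123
 login
line vty 0 4
 login local
!
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
    print("after lockdown:", audit(one_step_lockdown(SAMPLE_CONFIG)) or "clean")
```

Running the block on the sample prints six findings (four missing hardening commands, the `public` community, and proxy ARP left enabled on FastEthernet0/0); after `one_step_lockdown` the same audit reports the configuration clean, because the sample already had an enable secret, line passwords and an applied ACL.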