Re: Internet Security Config Recommendation - Cisco 2960

From: Nadeem Ansari (nadeem.ansari574@gmail.com)
Date: Wed Mar 04 2009 - 05:31:14 ARST

• Next message: ma59 us: "Advertise RIP routes to R1"
• Previous message: joe_astorino@comcast.net: "Re: OSPF metric issue"
• Maybe in reply to: Ronald Ramzy: "Internet Security Config Recommendation - Cisco 2960"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try for Auto-secure template command of Cisco IOS

Regards
Nadeem

On Wed, Mar 4, 2009 at 11:36 AM, Ronald Ramzy <ronald.ramzy@gmail.com>wrote:

> Thanks.
>
> I was looking for a switch security document similar to Router-Hardening
> document from cisco.
> If you can help with that.
>
> Cheers
>
> On Tue, Mar 3, 2009 at 5:47 PM, Pavel Bykov <slidersv@gmail.com> wrote:
>
> > 1. If you can define criteria, use ingress policing. If you can't, use
> > egress shaping on every port connected to those three routers. Check out
> > 2960 in DOCCD for guides to configuring QoS.
> > 2. Yes, BUT use ACL and access-class, strong passwords, and preferably
> SSH.
> > 3. Many many different ones. Start with turning off HTTP server, setup
> > strong passwords, use at least local database and AAA, setup logging,
> setup
> > login retries, timeouts and blocks, banners...
> > There is a whole training for that: Securing Cisco IOS
> >
> >
> >
> > On Tue, Mar 3, 2009 at 9:56 AM, Ronald Ramzy <ronald.ramzy@gmail.com
> >wrote:
> >
> >> Hi,
> >>
> >> I need security recommendation on my scenario.
> >>
> >> 2MB Internet link is terminated on a Cisco 2960 switch and three routers
> >> are
> >> connected from it going to different departments.
> >>
> >>
> >> - how can i configure the switch to provide bandwidth as 512KB / 1MB /
> >> 512KB going to routers. ( r1 / r2 / r3 )
> >> - is it safe to connect the switch to network to see Bandwidth
> utization
> >> of the link.
> >> - wht security configuration is required to secure the switch
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Pavel Bykov
> > ----------------
> > Don't forget to help stopping the braindumps, use of which reduces value
> of
> > your certifications. Sign the petition at http://www.stopbraindumps.com/
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: ma59 us: "Advertise RIP routes to R1"
• Previous message: joe_astorino@comcast.net: "Re: OSPF metric issue"
• Maybe in reply to: Ronald Ramzy: "Internet Security Config Recommendation - Cisco 2960"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART