Here is a good document to get you started:
Cisco Guide to Harden Cisco IOS Devices
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008
0120f48.shtml
Also if you want to just take the easy route, use "auto secure" ;-)
Rack1R1#auto secure ?
firewall AutoSecure Firewall
forwarding Secure Forwarding Plane
full Interactive full session of AutoSecure
login AutoSecure Login
management Secure Management Plane
no-interact Non-interactive session of AutoSecure
ntp AutoSecure NTP
ssh AutoSecure SSH
tcp-intercept AutoSecure TCP Intercept
<cr>
Rack1R1#auto secure
--- AutoSecure Configuration ---
*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***
AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance security
and any possible side effects, please refer to Cisco.com for
Autosecure documentation.
At any prompt you may enter '?' for help.
Use ctrl-c to abort this session at any prompt.
Gathering information about the router for AutoSecure
Is this router connected to internet? [no]:
HTH,
Brian Dennis, CCIEx5 #2210 (R&S/ISP-Dial/Security/SP/Voice)
bdennis_at_ine.com
INE, Inc.
http://www.INE.com
On 5/23/12 9:41 PM, "Kiran Parashare" <kiran.ccie_at_gmail.com> wrote:
>Hello Guys,
>
>i have 3945 router connected to Internet, i would like to harden it but
>help me what are the parameters i have to configured, like DDOS,Syn.
>
>Any sample config will be apprecitated.
>
>Thanks in Advance
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu May 24 2012 - 01:21:53 ART
This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:20 ART