Cisco Systems 2.5 Network Router User Manual


Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 24 Security Audit
Configuring AAA—If the Authentication, Authorization, and Accounting (AAA) service is not configured, AutoSecure configures local AAA and prompts for configuration of a local username and password database on the router. Cisco SDM does not support AAA configuration.

Setting SPD Values—Cisco SDM does not set Selective Packet Discard (SPD) values.

Enabling TCP Intercepts—Cisco SDM does not enable TCP intercepts.

Configuring anti-spoofing ACLs on outside interfaces—AutoSecure creates three named access lists used to block spoofed source addresses. Cisco SDM does not configure these ACLs.

AutoSecure Features Implemented Differently in Cisco SDM
Disable SNMP—Cisco SDM will disable SNMP, but unlike AutoSecure, it does not provide an option for configuring SNMP version 3.

Enable SSH for Access to the Router—Cisco SDM will enable and configure SSH on crypto Cisco IOS images, but unlike AutoSecure, it will not enable Service Control Point (SCP) or disable other access and file transfer services, such as FTP.

Security Configurations Cisco SDM Can Undo
This table lists the security configurations that Cisco SDM can undo.
Security Configuration               Equivalent CLI
Disable Finger Service               no service finger
Disable PAD Service                  no service pad
Disable TCP Small Servers Service    no service tcp-small-servers
                                     no service udp-small-servers
Disable IP BOOTP Server Service      no ip bootp server
Disable IP Identification Service    no ip identd
Disable CDP                          no cdp run
Disable IP Source Route              no ip source-route
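
The following is an added example, not part of the Cisco guide or of Cisco SDM: a Python check that reads a saved configuration as text and reports, for each command in the Equivalent CLI column above, whether the no-form, the positive form, or neither is present. The names `SDM_UNDOABLE`, `global_lines` and `audit` and the sample configuration are constructed for illustration.

```python
import re

# "Equivalent CLI" column of the table above (the no-forms Cisco SDM applies).
SDM_UNDOABLE = [
    "no service finger", "no service pad",
    "no service tcp-small-servers", "no service udp-small-servers",
    "no ip bootp server", "no ip identd",
    "no cdp run", "no ip source-route",
]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
hostname lab-rtr
no service pad
service tcp-small-servers
no ip bootp server
no ip source-route
!
interface FastEthernet0/0
 no cdp enable
!
no cdp run
"""

def global_lines(config_text):
    """Normalised global-mode lines; indented sub-mode lines and comments are skipped."""
    out = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw[0].isspace() or raw.startswith("!"):
            continue
        out.append(re.sub(r"\s+", " ", raw.strip()).lower())
    return out

def audit(config_text):
    """Map each table command to 'disabled', 'enabled' or 'unstated'."""
    # 'unstated': neither form appears, so the release default applies.
    lines = global_lines(config_text)
    def present(cmd):
        return any(l == cmd or l.startswith(cmd + " ") for l in lines)
    result = {}
    for no_form in SDM_UNDOABLE:
        positive = no_form[len("no "):]
        result[no_form] = ("disabled" if present(no_form) else
                           "enabled" if present(positive) else "unstated")
    return result

if __name__ == "__main__":
    for cmd, state in audit(SAMPLE).items():
        print(f"{state:9} {cmd}")
```

An "unstated" result is not a finding on its own: a command left at its default does not appear in the configuration, so the effective setting has to be confirmed against the default of the release in use.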