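network's routing information
Router(Config)# router ospf 100
Router(Config-router)# distribute-list 10 out
6. Enabling IP Unicast Reverse-Path Verification is recommended. It checks the accuracy of the source IP address and can therefore prevent some IP spoofing. However, it can only be used on routers that have CEF (Cisco Express Forwarding) enabled.
Router# config t
! Enable CEF
Router(Config)# ip cef
! Enable Unicast Reverse-Path Verification
Router(Config)# interface eth0/1
Router(Config-if)# ip verify unicast reverse-path
IV. Router audit security configuration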
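V. Other router security configuration
1. Upgrade the IOS software promptly, and install IOS patches quickly.
2. Make secure backups of IOS rigorously and carefully.
3. Make secure backups of the router configuration files.
4. Buy a UPS, or at least have a redundant power supply.
5. Keep complete logs of secure access to and maintenance of the router.
6. Set the login banner strictly. It must contain wording that forbids unauthorized users from logging in.
7. Simple protection against IP spoofing, such as filtering non-public addresses from reaching the internal network. Filter your own internal network addresses; the loopback addresses (127.0.0.0/8); the RFC 1918 private addresses; the DHCP self-assigned addresses (169.254.0.0/16); the test addresses for authors of scientific documentation (192.0.2.0/24); the unused multicast addresses (224.0.0.0/4); Sun's old test addresses (20.20.20.0/24; 204.152.64.0/23); and the all-networks address (0.0.0.0/8).
Router(Config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 any log
Router(Config)# access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
Router(Config)# access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
Router(Config)# access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
Router(Config)# access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
Router(Config)# access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
Router(Config)# access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
Router(Config)# access-list 100 deny ip 224.0.0.0 15.255.255.255 any
Router(Config)# access-list 100 deny ip 20.20.20.0 0.0.0.255 any log
! 204.152.64.0/23 corresponds to wildcard mask 0.0.1.255
Router(Config)# access-list 100 deny ip 204.152.64.0 0.0.1.255 any log
Router(Config)# access-list 100 deny ip 0.0.0.0 0.255.255.255 any log
8. It is recommended to use an access list to ensure that addresses leaving the internal network must belong to the internal network. For example:
Router(Config)# no access-list 101
Router(Config)# access-list 101 permit ip 192.168.0.0 0.0.0.255 any
Router(Config)# access-list 101 deny ip any any log
Router(Config)# interface eth0/1
Router(Config-if)# description "internet Ethernet"
Router(Config-if)# ip address 192.168.0.254 255.255.255.0
Router(Config-if)# ip access-group 101 in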
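9. Protection against TCP SYN attacks. For example:
A: Protection through an access list.
Router(Config)# no access-list 106
Router(Config)# access-list 106 permit tcp any 192.168.0.0 0.0.0.255 established
Router(Config)# access-list 106 deny ip any any log
Router(Config)# interface eth0/2
Router(Config-if)# description "external Ethernet"
Router(Config-if)# ip address 192.168.1.254 255.255.255.0
Router(Config-if)# ip access-group 106 in
B: Protection through TCP intercept. This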
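For the anti-spoofing list in item 7, the following added example (not part of the original page) derives each IOS wildcard mask from its CIDR prefix and audits hand-typed address/wildcard pairs. The function names and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Prefixes named in item 7 of the page (the site's own internal network is omitted).
BOGONS = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
          "169.254.0.0/16", "192.0.2.0/24", "224.0.0.0/4",
          "20.20.20.0/24", "204.152.64.0/23", "0.0.0.0/8"]

def wildcard(cidr):
    """Return the IOS wildcard mask (inverted netmask) for a CIDR prefix."""
    return str(ipaddress.ip_network(cidr).hostmask)

def acl_line(acl, cidr, log=True):
    """Build one 'deny ip <net> <wildcard> any' entry for an extended ACL."""
    net = ipaddress.ip_network(cidr)
    tail = " log" if log else ""
    return f"access-list {acl} deny ip {net.network_address} {net.hostmask} any{tail}"

def check_entry(address, mask):
    """Audit a hand-typed address/wildcard pair; returns (ok, detail).

    IOS accepts non-contiguous wildcards, but in a prefix filter one usually
    means a typo, so only a run of low-order 1 bits is accepted here.
    """
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(mask))
    if w & (w + 1):                      # not of the form 0...01...1
        return False, "non-contiguous wildcard"
    if a & w:                            # address bits inside the "don't care" range
        return False, "address has host bits set"
    return True, f"{address}/{32 - w.bit_length()}"

if __name__ == "__main__":
    for cidr in BOGONS:
        print(acl_line(100, cidr))
    # Constructed samples: a mistyped and a correct wildcard for a /23.
    print(check_entry("204.152.64.0", "0.0.2.255"))
    print(check_entry("204.152.64.0", "0.0.1.255"))
```
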