Re: ATTN Tony Whitmore please

From: Scott (scotw@charter.net)
Date: 07/28/02 

From: "Scott" <scotw@charter.net>
Date: Sun, 28 Jul 2002 08:27:27 -0500

I'd like to chime in on this one.

Disable the HTTP management interface.

!
no ip http server
!

You might want to keep your telnet administration interface active. I don't
know how big your network is but it can be a pain in the *** going without
it. Depending on what size router you have you could use ssh or IPSEC to
connect to the interface. Also setup an access control list for access to
any administrative services. One more thought, use dynamic access lists with
local or TACACS/RADIUS authentication to authenticate administrators to the
router. The following link should have the info you need to do this.

A good refrence is the National Security Agencies Cisco Router Security
Guides.

http://nsa1.www.conxion.com

Just my 2.0134 cents worth

Scot

"Tobamore" <tobamore@DELETE_MEyahoo.co.uk> wrote in message
news:p3d7kucn1aeldfpqjrfbmtd0op7d8bofm1@4ax.com...
> Hello Tony,
> I read your reply re routers firewall on this board and it seems
> that you really know your stuf. In your reply you mentioned open telnet
> ports etc. If I scan my router at pcflank etc my telnet & http ports are
> found to be open, they are open to allow remote management and are both
> password protected I can close these ports by disabling remote management
> and if I ned to change anything I can use hyperterminal and a serial lead
to
> do so apparently. Would you really reccomend that I disable remote
> management and also am I likely to need to change my routers settings when
> they are working fine?
>
> TIA
>
> T
>
> Hope this makes some sense?

Quantcast