Appendix C
Disabling and Configuring Network Services
By default, the Cisco IOS runs some services that are unnecessary to its normal operation, and if you don’t disable them, they can be easy targets for denial-of-service (DoS) attacks and break-in attempts.
DoS attacks are the most common attacks because they are the easiest to perform. Using software and/or hardware tools such as an intrusion detection system (IDS) and intrusion prevention system (IPS) tools can both warn and stop these simple, but harmful, attacks. However, if we can’t implement IDS/IPS, there are some basic commands we can use on our router to make them more safe. Keep in mind, though, that nothing will make you completely safe in today’s networks.
Let’s take a look at the basic services we should disable on our routers.
Blocking SNMP Packets
The Cisco IOS default configurations permit remote access from any source, so unless you’re either way too trusting or insane, it should...