Wednesday, October 30, 2013

Analysis of best practices in Cisco configurations

Introduction:

This section covers Cisco's recommendations on best practices for configuring Cisco equipment.



| Category | Risk | Exception | OS |
|---|---|---|---|
| BGP | Medium | BGP Consistency Check not enabled | IOS |
| EIGRP | High | EIGRP auto summarization enabled (default enabled) | IOS |
| EIGRP | Medium | Default EIGRP Passive Interface not configured. | IOS |
| EIGRP | Medium | EIGRP MD5 Disabled on Interface | IOS |
| EIGRP | Medium | No EIGRP router-id configured | IOS |
| EIGRP | Medium | No Redistribution Metrics Defined for EIGRP | IOS |
| IP Applications | Medium | HSRP Preempt delay not configured | IOS |
| IP Applications | Medium | NTP not protected by ACL | IOS |
| IP Applications | Medium | Standby delay minimum reload not configured | IOS |
| IP Applications | Low | NTP Update Calendar Disabled | IOS |
| IP Applications | Low | NTP authentication not enabled | IOS |
| IP Applications | Low | NTP enabled without time zone | IOS |
| IP Applications | Low | NTP source interface not defined | IOS |
| IP Applications | Low | NTP summertime not enabled | IOS |
| IP Applications | Low | No redundant NTP server | IOS |
| IP Routing | Medium | IOS Static Route Missing Parameters | IOS |
| IP Routing | Medium | Recursive static routes are present | IOS |
| IP Routing | Low | IP Classless disabled | IOS |
| IP Routing | Low | Name Parameter Missing from Static Routes | IOS |
| IP Routing | Low | NetBIOS UDP broadcasts enabled | IOS |
| Infrastructure | High | Cisco IOS Image Verification | IOS |
| Infrastructure | Low | Exec enabled on line aux | IOS |
| LAN | High | Spanning-tree disabled on one or more VLANs | IOS |
| LAN | Medium | BPDU Guard Not Enabled | IOS |
| LAN | Medium | Loopguard not configured | IOS |
| LAN | Medium | MAC address move notification not enabled | IOS |
| LAN | Medium | Portfast not enabled on access or edge port | IOS |
| LAN | Medium | UDLD Globally Disabled | IOS |
| LAN | Medium | VLANs not cleared from trunk | IOS |
| LAN | Medium | VTP domain name not set | IOS |
| LAN | Low | Complete Power-on Diagnostics Disabled | IOS |
| LAN | Low | Dynamic trunking is enabled on a static access port | IOS |
| LAN | Low | StackWise SNMP Traps Not Enabled | IOS |
| Management | Medium | CDP disabled on an interface | IOS |
| Management | Medium | Logging to the console is enabled | IOS |
| Management | Medium | Loopback interface not used | IOS |
| Management | Medium | SNMP server memory traps not enabled | IOS |
| Management | Medium | Syslog level not set to informational | IOS |
| Management | Medium | WarmStart SNMP Traps Not Enabled | IOS |
| Management | Low | CPU Thresholding Notification is not enabled. | IOS |
| Management | Low | ColdStart SNMP Traps Not Enabled | IOS |
| Management | Low | Configuration Management SNMP Traps Not Enabled | IOS |
| Management | Low | Interface level syslog events not disabled | IOS |
| Management | Low | Interface traps not disabled on at least one interface | IOS |
| Management | Low | Linkup and Linkdown SNMP Traps Not Enabled | IOS |
| Management | Low | Memory Threshold Notifications (I-O) Not Enabled | IOS |
| Management | Low | Memory Threshold Notifications (Processor) Not Enabled | IOS |
| Management | Low | Nagle service disabled | IOS |
| Management | Low | No interface description | IOS |
| Management | Low | No redundant SNMP trap receiver | IOS |
| Management | Low | No redundant syslog server | IOS |
| Management | Low | SNMP Interface Index Persistence not enabled | IOS |
| Management | Low | SNMP contact not defined | IOS |
| Management | Low | SNMP location not defined | IOS |
| Management | Low | SNMP trap source not defined | IOS |
| Management | Low | SNMP traps not enabled | IOS |
| Management | Low | Syslog source interface not defined | IOS |
| Management | Low | The Call Home feature is not configured | IOS |
| Management | Low | The Enhanced Crashinfo File Collection feature is not configured. | IOS |
| Management | Low | Timestamping for debugging not set for datetime | IOS |
| Management | Low | Timestamping for logging not set for datetime | IOS |
| Management | Low | Unnecessary Syslog SNMP trap configured | IOS |
| Security | High | Enable password not adequately protected | IOS |
| Security | High | SNMP access for IPv4 is not protected with an access-list. | IOS |
| Security | High | The aaa authentication login command(s) is/are not configured optimally. | IOS |
| Security | High | Vlan 1 interface used | IOS |
| Security | Medium | AAA connection accounting disabled | IOS |
| Security | Medium | AAA system accounting disabled | IOS |
| Security | Medium | DHCP server enabled | IOS |
| Security | Medium | HSRP Updates not authenticated | IOS |
| Security | Medium | HSRP Virtual MAC Address not modified | IOS |
| Security | Medium | HTTP secure-server is enabled. | IOS |
| Security | Medium | HTTP server enabled | IOS |
| Security | Medium | ICMP redirects not disabled on an Interface | IOS |
| Security | Medium | IOS Software Resilient Configuration secure boot-config disabled | IOS |
| Security | Medium | Local user account is not protected against potential brute-force attacks | IOS |
| Security | Medium | PAD service enabled | IOS |
| Security | Medium | SNMPv3 not used | IOS |
| Security | Medium | SSH Not Used or Not Used Exclusively for Remote Access. | IOS |
| Security | Medium | SSH V2 not used for device Access | IOS |
| Security | Medium | Security Password Minimum Length Less Than 8 | IOS |
| Security | Medium | Unicast reverse path disabled | IOS |
| Security | Medium | VTY line timeout disabled | IOS |
| Security | Medium | VTY line timeout is longer than 30 mins | IOS |
| Security | Medium | VTY lines not protected with an access list | IOS |
| Security | Low | A user account is not protected with MD5 | IOS |
| Security | Low | Authentication SNMP Traps Not Enabled | IOS |
| Security | Low | BOOTP server enabled | IOS |
| Security | Low | CDP is enabled globally and active on all interfaces. | IOS |
| Security | Low | DHCP lease time low or infinite | IOS |
| Security | Low | ICMP unreachables enabled on all interfaces of this device. | IOS |
| Security | Low | IP Source Routing enabled | IOS |
| Security | Low | IP options allowed | IOS |
| Security | Low | Incorrectly entered commands will generate a DNS lookup. | IOS |
| Security | Low | Password recovery is Enabled | IOS |
| Security | Low | Proxy ARP is enabled | IOS |
| Security | Low | Redundant AAA server unavailable | IOS |
| Security | Low | Security authentication failure rate disabled | IOS |
| Security | Low | Service sequence-numbers not enabled | IOS |
| Security | Low | TACACS+ packets not being sourced from a specifically defined interface | IOS |
| Security | Low | TCP keepalives not enabled in both directions | IOS |