Cisco网络设备加固规范
中国移动通信有限公司管理信息系统部
2020年7月
目录
1帐号管理、认证授权 (2)
1.1本机认证和授权 (2)
1.1.1SHG-Cisco-01-01-01 (2)
1.2设置特权口令 (3)
1.2.1SHG-Cisco-01-02-01 (3)
1.2.2SHG-Cisco-01-02-02 (3)
1.3登录要求 (4)
1.3.1SHG-Cisco-01-03-01 (4)
1.3.2SHG-Cisco-01-03-02 (5)
1.3.3SHG-Cisco-01-03-03 (5)
2日志配置 (7)
2.1.1SHG-Cisco-03-01-01 (7)
3通信协议 (8)
3.1.1SHG-Cisco-03-01-01 (8)
3.1.2SHG-Cisco-03-01-02 (9)
3.1.3SHG-Cisco-03-01-03 (9)
3.2SHG-C ISCO-05-01-04 (10)
3.2.1SHG-Cisco-03-02-01 (11)
3.2.2SHG-Cisco-03-02-02 (11)
4设备其它安全要求 (13)
4.1.1SHG-Cisco-04-01-01 (13)
4.1.2SHG-Cisco-04-01-02 (14)
4.1.3SHG-Cisco-04-01-03 (15)
4.1.4SHG-Cisco-01-01-04 (15)
4.1.5SHG-Cisco-04-01-05 (16)
4.1.6SHG-Cisco-04-01-06 (17)
4.1.7SHG-Cisco-04-01-07 (17)
4.1.8SHG-Cisco-04-01-08 (18)
4.1.9SHG-Cisco-04-01-09 (18)
4.1.10SHG-Cisco-04-01-10 (19)
本建议用于Cisco路由器和基于Cisco IOS的交换机及其三层处理模块,其软件版本为CISCO IOS 12.0及以上版本。加固前应该先备份系统配置文件。
1帐号管理、认证授权
1.1 本机认证和授权
1.1.1S HG-Cisco-01-01-01
1.2 设置特权口令1.
2.1S HG-Cisco-01-02-01
1.2.2S HG-Cisco-01-02-02
1.3 登录要求
1.3.1S HG-Cisco-01-03-01
1.3.2S HG-Cisco-01-03-02
C
1.3.3S HG-Cisco-01-03-03
2日志配置
2.1.1S HG-Cisco-03-01-01
3通信协议
3.1.1S HG-Cisco-03-01-01
3.1.2S HG-Cisco-03-01-02
3.1.3S HG-Cisco-03-01-03
3.2SHG-Cisco-05-01-04
3.2.1S HG-Cisco-03-02-01
3.2.2S HG-Cisco-03-02-02
4设备其它安全要求4.1.1S HG-Cisco-04-01-01
4.1.2S HG-Cisco-04-01-02
4.1.3S HG-Cisco-04-01-03
4.1.4S HG-Cisco-01-01-04
4.1.5S HG-Cisco-04-01-05
4.1.6S HG-Cisco-04-01-06
4.1.7S HG-Cisco-04-01-07
4.1.8S HG-Cisco-04-01-08
4.1.9S HG-Cisco-04-01-09
4.1.10SHG-Cisco-04-01-10