Cisco Router and Security Device Manager Version 2.2 User’s Guide
OL-4015-08
Chapter 16 Security Audit
• Configuring AAA—If the Authentication, Authorization, and Accounting
(AAA) service is not configured, AutoSecure configures local AAA and
prompts for configuration of a local username and password database on the
router. SDM does not support AAA configuration.
• Setting SPD Values—SDM does not set Selective Packet Discard (SPD)
values.
• Enabling TCP Intercepts—SDM does not enable TCP intercepts.
• Configuring anti-spoofing ACLs on outside interfaces—AutoSecure creates
three named access lists used to block spoofed source addresses. SDM
does not configure these ACLs.
AutoSecure Features Implemented Differently in SDM
• Disable SNMP—SDM will disable SNMP, but unlike AutoSecure, it does not
provide an option for configuring SNMP version 3.
• Enable SSH for Access to the Router—SDM will enable and configure SSH
on crypto Cisco IOS images, but unlike AutoSecure, it will not enable Service
Control Point (SCP) or disable other access and file transfer services, such as
FTP.
Security Configurations SDM Can Undo
This table lists the security configurations that SDM can undo.
Security Configuration               Equivalent CLI
Disable Finger Service               no service finger
Disable PAD Service                  no service pad
Disable TCP Small Servers Service    no service tcp-small-servers
                                     no service udp-small-servers
Disable IP BOOTP Server Service      no ip bootp server
Disable IP Identification Service    no ip identd
Disable CDP                          no cdp run
Disable IP Source Route              no ip source-route
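An added example (not from the Cisco guide): a Python check that reads a saved configuration, reports the state of each service in the table above, and lists hardening settings present in an earlier copy that have since been undone. The function names and both sample configurations are constructed for illustration; "not stated" means neither form of the command appears, so the state depends on the IOS release default.

```python
# Rows visible in the table above: (label, service command without the "no").
SERVICES = [
    ("Finger", "service finger"),
    ("PAD", "service pad"),
    ("TCP small servers", "service tcp-small-servers"),
    ("UDP small servers", "service udp-small-servers"),
    ("IP BOOTP server", "ip bootp server"),
    ("IP identification", "ip identd"),
    ("CDP", "cdp run"),
    ("IP source route", "ip source-route"),
]

def audit(config_text):
    """Return {label: 'disabled' | 'enabled' | 'not stated'} for global commands."""
    state = {label: "not stated" for label, _ in SERVICES}
    for raw in config_text.splitlines():
        # Skip blanks, comments and indented lines (interface/line sub-modes).
        if not raw or raw[0].isspace() or raw.startswith("!"):
            continue
        line = " ".join(raw.lower().split())
        for label, cmd in SERVICES:
            if line == "no " + cmd:
                state[label] = "disabled"
            elif line == cmd or line.startswith(cmd + " "):
                state[label] = "enabled"
    return state

def undone(before, after):
    """Labels explicitly disabled in 'before' that are no longer disabled in 'after'."""
    b, a = audit(before), audit(after)
    return sorted(l for l in b if b[l] == "disabled" and a[l] != "disabled")

# Constructed sample configurations (not captured from a real device).
BEFORE = """hostname lab-rtr
no service pad
no service finger
no ip bootp server
no ip source-route
no cdp run
interface FastEthernet0/0
 no cdp enable
"""
AFTER = """hostname lab-rtr
no service pad
service finger
no ip source-route
interface FastEthernet0/0
 no cdp enable
"""

if __name__ == "__main__":
    for label, status in audit(AFTER).items():
        print(f"{label:20} {status}")
    print("Undone since earlier copy:", undone(BEFORE, AFTER))
```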