Monday, 14 April 2014

Best Practices for hardening ScreenOS

Summary:

Describes how to harden ScreenOS management.

Solution:
To secure ScreenOS against attacks, implement the following recommendations:

Change the default username and password.
Command:
set admin name <name>
Example:
set admin name a$df@d


Command:
set admin password <plain-text password>

Example:
set admin password abcdefgh123

Enable manager-ip. This setting is device-wide and limits the IP addresses that are allowed to manage the device. All other management requests are silently dropped.
Command:
set admin manager-ip <ip> <mask>

Example:
set admin manager-ip 10.1.1.30 255.255.255.255


Enable manage-ip. This is per interface and allows management requests to an IP address that is different from the physical IP.
Command:
set interface <interface> manage-ip <ip>
Example:
set interface ethernet0/0 manage-ip 10.1.1.5


Disable management on the physical interface IP. This is per interface, and management will then be accepted only for requests sent to the manage-ip (see above).
Command:
unset interface <interface> manageable
Example:
unset interface ethernet0/0 manageable


Disable unused services.  This is per interface and will only permit the defined services to respond on the interface. 
Services: ident-reset, mtrace, ping, snmp, ssh, ssl, telnet, web.
Recommendation: permit secure protocols only on management/trusted interfaces (ssl, ssh)

Command:
unset interface <interface> manage
set interface <interface> manage <service>
Example:
unset interface ethernet0/0 manage
set interface ethernet0/0 manage ssh
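
The recommendations above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of any Juniper tooling: it replays a list of ScreenOS commands written in the syntax shown above and reports which recommendations are not met. The function name, the finding texts and both sample command lists are constructed for illustration, and it assumes that `unset interface <interface> manage <service>` removes a single service.

```python
SECURE = {"ssh", "ssl"}  # services the article recommends for management

def audit(commands):
    """Replay ScreenOS set/unset commands; return unmet recommendations."""
    admin, ifaces = set(), {}
    for raw in commands.splitlines():
        tok = raw.replace('"', "").split()
        if len(tok) < 4 or tok[0] not in ("set", "unset"):
            continue
        on, kind, arg = tok[0] == "set", tok[1], tok[3:]
        if kind == "admin" and on and tok[2] in ("name", "password", "manager-ip"):
            admin.add(tok[2])
        elif kind == "interface":
            st = ifaces.setdefault(
                tok[2], {"services": set(), "manage_ip": None, "manageable": True})
            if arg[0] == "manage" and len(arg) > 1:    # single service on/off (assumed form)
                (st["services"].add if on else st["services"].discard)(arg[1])
            elif arg[0] == "manage" and not on:        # "unset ... manage" clears all
                st["services"].clear()
            elif arg[0] == "manage-ip" and on and len(arg) > 1:
                st["manage_ip"] = arg[1]
            elif arg[0] == "manageable":
                st["manageable"] = on
    findings = [f"admin: no 'set admin {k}' command"
                for k in ("name", "password", "manager-ip") if k not in admin]
    for name, st in sorted(ifaces.items()):
        weak = sorted(st["services"] - SECURE)
        if weak:
            findings.append(f"{name}: non-secure services enabled: {', '.join(weak)}")
        if st["services"] and st["manage_ip"] is None:
            findings.append(f"{name}: management enabled without a manage-ip")
        if st["manage_ip"] and st["manageable"]:
            findings.append(f"{name}: physical IP still manageable")
    return findings

# Constructed sample: the article's example commands applied in order.
HARDENED = """set admin name a$df@d
set admin password abcdefgh123
set admin manager-ip 10.1.1.30 255.255.255.255
set interface ethernet0/0 manage-ip 10.1.1.5
unset interface ethernet0/0 manageable
unset interface ethernet0/0 manage
set interface ethernet0/0 manage ssh"""

# Constructed sample: no manager-ip, telnet and web left on, physical IP manageable.
WEAK = """set admin name a$df@d
set admin password abcdefgh123
set interface ethernet0/0 manage-ip 10.1.1.5
set interface ethernet0/0 manage telnet
set interface ethernet0/0 manage web"""
```

`audit(HARDENED)` returns an empty list, while `audit(WEAK)` returns one finding for each recommendation the command list misses.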
