Difference between revisions of "Netband Project - Device hardening"

From Teknologisk videncenter
Revision as of 13:31, 16 April 2009

This page is part of the Netband Project.

  • Management Plane—The management plane manages traffic that is sent to the Cisco IOS device and is made up of applications and protocols such as SSH and SNMP.
  • Control Plane—The control plane of a network device processes the traffic that is paramount to maintaining the functionality of the network infrastructure. The control plane consists of applications and protocols between network devices.
  • Data Plane—The data plane forwards data through a network device. The data plane does not include traffic that is sent to the local Cisco IOS device.

Exclusive Configuration Change Access

  • ensures that only one administrator makes configuration changes to a Cisco IOS device at a given time. With "auto" the lock is taken automatically when a user enters configuration mode; with "manual" the administrator has to request it with "configure terminal lock". The lock is released when the holding session leaves configuration mode.
  • any other session that tries to enter configuration mode while the lock is held is refused with the message shown below; "show configuration lock" displays who holds it.
B1rt1(config)#configuration mode exclusive auto
!
B1rt1(config)#interface fa0/0
Configuration mode locked exclusively by user 'admin' process '56' from terminal '195'. Please try later.

Cisco IOS Software Resilient Configuration

  • stores a secured copy of the Cisco IOS software image and of the configuration currently used by the device in local persistent storage, so that they survive an attacker's "erase" or "delete" of the ordinary files. The secured files are not listed by "dir" or "show flash"; "show secure bootset" is the only way to see them.
  • can only be disabled through console access; the "no" form is rejected from a vty session, as shown below.
B1rt1(config)#secure boot-image
B1rt1(config)#secure boot-config
B1rt1#sh secure bootset
IOS resilience router id FCZ111910E5

IOS image resilience version 12.4 activated at 11:05:51 UTC Thu Apr 16 2009
Secure archive flash:c2801-advipservicesk9-mz.124-9.T.bin type is image (elf) []
  file size is 30588892 bytes, run size is 30754576 bytes
  Runnable image, entry point 0x8000F000, run from ram

IOS configuration resilience version 12.4 activated at 11:06:11 UTC Thu Apr 16 2009
Secure archive flash:.runcfg-20090416-110611.ar type is config
configuration archive size 4555 bytes
B1rt1(config)#no secure boot-config
%You must be logged on the console to apply this command
B1rt1(config)#secure boot-config restore flash:rescueconf
ios resilience:configuration successfully restored as flash:rescueconf
  • the restore writes the archived configuration to the named file (flash:rescueconf here); it does not become the running configuration until it is copied there or applied with "configure replace".

Reserve Memory for Console Access

  • reserves a pool of memory (in kilobytes; 4096 KB below) that is used only for console access, so that an administrator can still reach the device for troubleshooting when processor memory has been exhausted, for example by a memory-exhaustion attack or a leaking process.
memory reserve console 4096

Memory Leak Detector

  • "scheduler heapcheck process memory" validates the memory heap structures of the device at every process switch and, when corruption is found, records the latest crash information, which shows which processes corrupt the chunks. Because the check runs on every process switch it costs CPU; enable it while chasing a problem rather than unconditionally. The leak detector proper is the exec command "show memory debug leaks", which lists allocated blocks that no process references any longer.
scheduler heapcheck process memory

Buffer Overflow: Detection and Correction of Redzone Corruption

  • every memory block allocated by Cisco IOS is bounded by a "redzone"; a process that writes past the end of its block overwrites it. Without these commands a detected redzone corruption is treated as fatal and the device crashes. With them the software instead marks the block as bad, corrects the redzone, logs the event and keeps running, for I/O memory and processor memory respectively.
exception memory ignore overflow io
exception memory ignore overflow processor
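The settings on this page can be audited offline from a saved "show running-config" and a saved "show secure bootset". The script below is an added example, not part of the Netband project or of Cisco's guide: it matches each hardening line from this page against whole config lines (so a "no memory reserve console" does not count), treats the page's 4096 KB console reserve as a minimum (an assumption, not something the page requires), and reads image and configuration resilience status from the "activated" lines of "show secure bootset". The sample config and bootset output are constructed for the example; the bootset text is modelled on the output shown on this page.

```python
"""Audit Cisco IOS hardening settings from saved show output.

Added example for this page, not Netband or Cisco code. Sample inputs are constructed.
"""
import re

# One regex per hardening line from this page, keyed by the page's section name.
# Patterns are anchored on whole lines so that e.g. "no memory reserve console 4096"
# does not satisfy the check.
REQUIRED = {
    "Exclusive Configuration Change Access": re.compile(r"^configuration mode exclusive (?:auto|manual)$"),
    "Reserve Memory for Console Access": re.compile(r"^memory reserve console (\d+)$"),
    "Heap check on process switch": re.compile(r"^scheduler heapcheck process memory$"),
    "Redzone correction, I/O memory": re.compile(r"^exception memory ignore overflow io$"),
    "Redzone correction, processor memory": re.compile(r"^exception memory ignore overflow processor$"),
}

# Minimum console reserve in kilobytes. The page uses 4096; using it as a threshold is an assumption.
MIN_CONSOLE_RESERVE_KB = 4096


def config_lines(config_text):
    """Yield non-empty config lines, stripped, skipping IOS comment lines that start with '!'."""
    for line in config_text.splitlines():
        line = line.strip()
        if line and not line.startswith("!"):
            yield line


def audit_config(config_text):
    """Return {section: bool}; a section passes when its line is present (and meets the threshold)."""
    lines = list(config_lines(config_text))
    result = {}
    for section, pattern in REQUIRED.items():
        matches = [m for m in (pattern.match(l) for l in lines) if m]
        ok = bool(matches)
        if ok and section == "Reserve Memory for Console Access":
            ok = int(matches[0].group(1)) >= MIN_CONSOLE_RESERVE_KB
        result[section] = ok
    return result


def parse_secure_bootset(show_output):
    """Read 'show secure bootset' output; True where the resilience line reports 'activated'."""
    return {
        "image": re.search(r"^IOS image resilience .*activated", show_output, re.M) is not None,
        "config": re.search(r"^IOS configuration resilience .*activated", show_output, re.M) is not None,
    }


def findings(config_text, show_output):
    """List the gaps against this page's settings; empty when the device has all of them."""
    gaps = [f"missing: {s}" for s, ok in audit_config(config_text).items() if not ok]
    boot = parse_secure_bootset(show_output)
    if not boot["image"]:
        gaps.append("missing: secure boot-image (image resilience not activated)")
    if not boot["config"]:
        gaps.append("missing: secure boot-config (configuration resilience not activated)")
    return gaps


# Constructed sample: console reserve present but below 4096 KB, processor redzone line absent.
SAMPLE_CONFIG = """\
!
hostname B1rt1
!
configuration mode exclusive auto
memory reserve console 1024
scheduler heapcheck process memory
exception memory ignore overflow io
!
"""

# Constructed sample modelled on the page's 'show secure bootset' output, with only the image secured.
SAMPLE_BOOTSET = """\
IOS resilience router id FCZ111910E5

IOS image resilience version 12.4 activated at 11:05:51 UTC Thu Apr 16 2009
Secure archive flash:c2801-advipservicesk9-mz.124-9.T.bin type is image (elf) []
  file size is 30588892 bytes, run size is 30754576 bytes
  Runnable image, entry point 0x8000F000, run from ram
"""

if __name__ == "__main__":
    for gap in findings(SAMPLE_CONFIG, SAMPLE_BOOTSET):
        print(gap)
```

Running the script on the sample reports three gaps: the undersized console reserve, the missing processor-memory redzone line, and the unsecured configuration. Feed it the real files captured from a device (for example via a configuration archive or a TFTP copy) to check a whole fleet against the same list.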

External links

Cisco Guide to Harden Cisco IOS Devices: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml