Networking

Router vulnerability: Which Cisco services should be disabled?

You may have services running by default on your Cisco routers that you only vaguely understand, or don't even know about, and that can turn into a security problem. Learn what services are enabled and disabled by default and which ones you can probably turn off if you're not using them.

If you're concerned about security, one of the first places you start looking on any system is the default services that are running. Running services that haven't been configured correctly or that are completely unneeded opens up big holes for hackers and other ne'er-do-wells out there looking to access or damage your network. Many Windows administrators have learned this the hard way, and Cisco administrators also need to know what the services are and which ones can or should be disabled.

You can download the Global Network white paper "How Vulnerable Are Your Cisco IOS Routers?" from the TechRepublic directory to get the low-down on Cisco services.

This eight-page paper, written by expert Carol Kavalla, covers services that are enabled by default, with descriptions of each and what they do, including:

  • BOOTP server
  • Cisco Discovery Protocol (CDP)
  • HTTP Configuration and Monitoring
  • Domain Name System (DNS)
  • Packet Assembler / Disassembler (PAD)
  • Internet Control Message Protocol (ICMP) Redirects
  • IP Source Routing
  • Finger Service
  • Proxy ARP
  • IP Directed Broadcast

Kavalla also covers Cisco services that are disabled by default and includes some other best practice tips for router security.

Don't miss out on this valuable resource -- download it here.
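As an added example (not from the white paper or from this post), the Python check below reads a saved running-config and reports which of the services listed above have no explicit disable line, handling the global commands and the per-interface ones separately. The command strings are standard IOS commands; the check table, function names and sample config are constructed for illustration, and because defaults differ between IOS releases a finding means "verify on your release", not "enabled".

```python
import re

# Explicit disable lines for the services listed above (table built for this
# example): the first seven are global, the last three are set per interface.
GLOBAL = {"BOOTP server": r"no ip bootp server", "CDP": r"no cdp run",
          "HTTP server": r"no ip http server",
          "DNS lookup": r"no ip domain[- ]lookup", "PAD": r"no service pad",
          "IP source routing": r"no ip source-route",
          "Finger": r"no (service|ip) finger"}
PER_INTERFACE = {"ICMP redirects": r"no ip redirects",
                 "Proxy ARP": r"no ip proxy-arp",
                 "IP directed broadcast": r"no ip directed-broadcast"}

def missing(checks, lines):
    return [n for n, p in checks.items()
            if not any(re.fullmatch(p, l) for l in lines)]

def audit(config):
    """List services that the running-config does not explicitly disable."""
    top, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw[:1].isspace() and current is not None:
            current.append(line)      # sub-command of the current interface
        elif line and line != "!":
            current = None            # another top-level line ends the block
            top.append(line)
    findings = [f"global: {n} not explicitly disabled"
                for n in missing(GLOBAL, top)]
    for name, lines in interfaces.items():
        if "shutdown" not in lines:   # skip administratively down ports
            findings += [f"{name}: {n} not explicitly disabled"
                         for n in missing(PER_INTERFACE, lines)]
    return findings

# Constructed sample running-config, not taken from a real device.
SAMPLE = """no service pad
no ip source-route
no ip domain-lookup
ip http server
!
interface GigabitEthernet0/0
 no ip redirects
 no ip proxy-arp
interface GigabitEthernet0/1
 shutdown
"""
```

Calling `audit(SAMPLE)` flags the BOOTP server, CDP, the HTTP server and finger globally, plus directed broadcast on GigabitEthernet0/0; the shut-down interface is skipped.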

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

1 comment
Doug Vitale

I would also make sure that "TCP and UDP Small Servers" are disabled. They are disabled by default in IOS v11.3 and above. The DHCP service should be disabled if the router isn't working as a DHCP server. The FTP server is disabled in IOS 12.0 and above - this is something that should definitely be checked. The article mentioned Proxy ARP but didn't mention Gratuitous ARP, which should be shut off as well. SNMP should also be disabled if not used.
