CIS Cisco Update - 22 March 2021
CIS_Cisco_2021_02_v1
--------------------
This package will update the CIS Policies and Policy Rules on a given
NetMRI to the CIS Cisco Benchmarks that were available in February 2021.
In this archive, the following CIS Policies are provided:
- CIS Cisco IOS Benchmark V1.1.1
- CIS Cisco Firewall Benchmark V4.1.0
The installation program will update existing rules on the device based
on the title of the existing rules; if the program cannot find the rule
that is being updated, it will create the new rule(s) from the latest
CIS Benchmarks. It will also remove rules that are no longer needed that
have been found on the device.
INSTALLATION
------------
See the file INSTALL
Changes Since CIS_Cisco_2020_07_v1
----------------------------------
- 1.2.1 Set 'privilege 1' for local users
- 1.2.2 Set 'transport input ssh' for 'line vty' connections
- 1.2.3 Set 'no exec' for 'line aux 0'
- 1.2.4 Create 'access-list' for use with 'line vty'
- 1.2.5 Set 'access-class' for 'line vty'
- 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for
'line aux 0'
- 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line
console 0'
- 1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'
- 1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line
vty'
- 1.2.10 Set 'transport input none' for 'line aux 0'
- 1.2.11 Set 'http Secure-server' limit
- 1.2.12 Set 'exec-timeout' to less than or equal to 10 min on 'ip
http'
- 1.3.4 Set the 'banner-text' for 'webauth banner'
- 1.5.7 Set 'snmp-server host' when using SNMP
- 1.5.8 Set 'snmp-server enable traps snmp'
- 1.6.1 Configure Login Block
- 1.6.2 AutoSecure
- 1.6.3 Configuring Kerberos
- 1.6.4 Configure Web interface
- 3.1.2 Set 'no ip proxy-arp'
- 3.2.1 Set 'ip access-list extended' to Forbid Private Source
Addresses from External Networks
- 3.2.2 Set inbound 'ip access-group' on the External Interface
- 3.3.1.5 Set 'af-interface default'
- 3.3.1.6 Set 'authentication key-chain'
- 3.3.1.7 Set 'authentication mode md5'
- 3.3.2.1 Set 'authentication message-digest' for OSPF area
- 3.3.2.2 Set 'ip ospf message-digest-key md5'
- 3.3.4.1 Set 'neighbor password'
Checksum
------------
d3c1cbd9cf2ea87c831547cf5f72b6bf25b4a57bb9f3575f874922aee2801c40 CIS-Cisco-2021-02.tar.gz
ec8a8a5ef75d8491b3b8966b3090ffd1 CIS-Cisco-2021-02.tar.gz
Categories
- All Categories
- 5.1K Forums
- 4.6K Critical Network Services
- 463 Security
- Visibility and Insights
- Ideas Portal
- Webinars & Events
- 266 Resources
- 266 News & Announcements
- Knowledge Base Articles
- Infoblox Documentation Portal
- Infoblox Blog
- Support Portal
- 4 Members Hub
- 4 Getting Started with Community
- Community Support