Nipper


Cisco Router Security Report

of the

RBD52 Cisco Router


Contents

1. About This Report
    1.1. Organisation
    1.2. Conventions
2. Security Audit
    2.1. Introduction
    2.2. Dictionary-based Password / Key
    2.3. Weak Passwords / Keys
    2.4. Directed Broadcasts
    2.5. OSPF Authentication
    2.6. Inbound TCP Connection Keep Alives
    2.7. IP Source Routing
    2.8. HyperText Transport Protocol Service
    2.9. Simple Network Management Protocol
    2.10. ICMP Redirects
    2.11. Logging
    2.12. Proxy ARP
    2.13. Cisco Discovery Protocol
    2.14. Classless Routing
    2.15. BOOTP
    2.16. TCP and UDP Small Servers
    2.17. IP Unreachables
    2.18. Packet Assembler / Disassembler
    2.19. Maintenance Operations Protocol
    2.20. Conclusions
3. Device Configuration
    3.1. Introduction
    3.2. General
    3.3. Services
    3.4. Domain Name Settings
    3.5. Time Zone Settings
    3.6. User Accounts and Privileges
    3.7. Logging
    3.8. Simple Network Management Protocol
    3.9. Secure Shell
    3.10. Routing
    3.11. Interfaces
4. Appendix
    4.1. Abbreviations
    4.2. Common Ports
    4.3. Logging Severity Levels
    4.4. Time Zones
    4.5. Nipper Details


1. About This Report

1.1. Organisation

This Cisco Router RBD52 report was produced by Nipper on Friday 24 March 2023. The report contains the following sections:
 

1.2. Conventions

This report makes use of the text conventions outlined in Table 1.
 
Table 1: Report text conventions
Convention Description
command
This text style represents the Cisco Router command text that has to be entered literally.
string
This text style represents the Cisco Router command text that you have to enter.
[ ]
Used to enclose a Cisco Router command option.
{ }
Used to enclose a Cisco Router command requirement.
|
Divides command option or requirement choices.
 

2. Security Audit

2.1. Introduction

Nipper performed a security audit of the Cisco Router RBD52 on Friday 24 March 2023. This section details the findings of the security audit together with the impact and recommendations.
 

2.2. Dictionary-based Password / Key

Observation: Attackers will often have dictionaries of words that contain names, places, default passwords and other common passwords. If a password or key is likely to be contained within an attacker's dictionary, they could gain access to the system.
 
The passwords and keys of the device RBD52 were tested against a small dictionary and one password / key was identified. The read-only Simple Network Management Protocol (SNMP) community string was public.
 
Impact: An attacker who was able to identify a password or key would be able to gain a level of access to the device, based on what service the password / key was used for.
 
Ease: Tools are available on the Internet that can perform dictionary-based password guessing against a number of network services.
 
Recommendation: Nipper strongly recommends that the password identified be immediately changed to something that is more difficult to guess. Nipper recommends that passwords be at least eight characters in length and contain either uppercase or lowercase characters and numbers.
 

2.3. Weak Passwords / Keys

Observation: Strong passwords tend to contain a number of different types of character, such as uppercase and lowercase letters, numbers and punctuation characters. Weaker passwords tend not to contain a mixture of character types. Additionally, weaker passwords tend to be short in length.
 
Nipper identified two passwords / keys that did not meet the minimum password complexity requirements. These are listed in Table 2.
 
Table 2: Weak passwords / keys
Type       Service  Username   Password
Password   Enable   Level 15   contra_secreta.
Community  SNMP     read-only  public
 
Impact: If an attacker were able to gain a password or key, either through dictionary-based guessing techniques or by a brute-force method, the attacker could gain a level of access to RBD52.
 
Ease: A number of dictionary-based password guessing and password brute-force tools are available on the Internet.
 
Recommendation: Nipper strongly recommends that the weak passwords be immediately changed to ones that are stronger. Nipper recommends that passwords be at least eight characters in length and contain either uppercase or lowercase characters and numbers.
 

2.4. Directed Broadcasts

Observation: Internet Control Message Protocol (ICMP) echo requests can be addressed to an entire network or subnet as well as to individual hosts. Disabling directed broadcasts on each individual network interface will help prevent network ping requests. Directed broadcasts are usually enabled by default on Cisco devices running Internet Operating System (IOS) version 11.3 and earlier.
 
Nipper determined that the device RBD52 had support for directed broadcasts enabled on the network interfaces listed in Table 3.
 
Table 3: Interfaces with directed broadcasts enabled
Interface Description
GigabitEthernet0/0
GigabitEthernet0/0.10
GigabitEthernet0/0.30
GigabitEthernet0/1
Serial0/0/1
 
Impact: A Denial of Service (DoS) attack exists that makes use of network echo requests, known as a smurf attack. An attacker would send an ICMP echo request with the victim host's IP address spoofed as the source. The hosts on the network would then reply to the echo request, flooding the victim host.
 
Ease: Tools are available on the Internet that can perform the smurf attack outlined above.
 
Recommendation: Nipper recommends that directed broadcasts be disabled on all network interfaces. Directed broadcasts can be disabled on each individual network interface using the following command:
 
no ip directed-broadcast

 

2.5. OSPF Authentication

Observation: Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) used by routers to update routing tables. OSPF packets can be configured to use one of three levels of security: no authentication, clear-text authentication and MD5 authentication. The clear-text authentication method is almost as insecure as no authentication, as the key is included in the packet. Using the MD5 authentication method the packets are signed to prevent route tampering.
 
Nipper determined that OSPF with no authentication was configured on process ID 10.
 
Impact: An attacker who is able to update the routing tables could capture network traffic, perform a network-wide DoS or a man-in-the-middle attack.
 
Ease: Once an attacker has established the type of authentication in use, they could use the information to pose as a router and insert routes into the routing tables by sending specially crafted OSPF packets. OSPF packets can be captured using a variety of techniques, and tools are available on the Internet that can be used to exploit insecure OSPF configurations.
 
Recommendation: Nipper recommends that, if possible, all OSPF areas be configured to use MD5-based authentication. Message digest authentication needs to be configured for each OSPF area and a key be specified on each OSPF network interface. The Cisco IOS command to enable MD5 authentication for an area is:
 
area {area id} authentication [message-digest]
 
The command to configure the MD5 authentication key on an interface is:
 
ip ospf message-digest-key {key id} md5 {key}

 

2.6. Inbound TCP Connection Keep Alives

Observation: Connections to a Cisco Router device could become orphaned if a connection becomes disrupted. An attacker could attempt a DoS attack against a Cisco Router by exhausting the number of possible connections. Transmission Control Protocol (TCP) keep alive messages can be configured to confirm that a remote connection is valid and then terminate any orphaned connections.
 
Nipper determined that TCP keep alive messages are not sent for connections from remote hosts.
 
Impact: An attacker could attempt a DoS by exhausting the number of possible connections.
 
Ease: Tools are available on the Internet that can open large numbers of TCP connections without correctly terminating them.
 
Recommendation: Nipper recommends that TCP keep alive messages be sent to detect and drop orphaned connections from remote systems. TCP keep alive messages can be enabled for connections from remote systems using the following command:
 
service tcp-keepalives-in

 

2.7. IP Source Routing

Observation: IP source routing is a feature whereby a network packet can specify how it should be routed through the network. Cisco routers normally accept and process source routes specified by a packet, unless the feature has been disabled.
 
Nipper determined that IP source routing was not disabled.
 
Impact: IP source routing can allow an attacker to specify a route for a network packet to follow, possibly to bypass a Firewall device or an Intruder Detection System (IDS). An attacker could also use source routing to capture network traffic by routing it through a system controlled by the attacker.
 
Ease: An attacker would have to control either a routing device or an end point device in order to modify a packet's route through the network. However, tools are available on the Internet that would allow an attacker to specify source routes. Tools are also available to modify network routing using vulnerabilities in some routing protocols.
 
Recommendation: Nipper recommends that, if not required, IP source routing be disabled. IP source routing can be disabled by issuing the following IOS command:
 
no ip source-route

 

2.8. HyperText Transport Protocol Service

Observation: Recent Cisco IOS-based devices support web-based administration using the HTTP protocol. Cisco web-based administration facilities can sometimes be basic but they do provide a simple method of administering remote devices. However, HTTP is a clear-text protocol and is vulnerable to various packet-capture techniques.
 
Even though the HTTP service had not been configured, it can be enabled by default on some Cisco devices.
 
Impact: An attacker who was able to monitor network traffic could capture authentication credentials.
 
Ease: Network packet and password sniffing tools are widely available on the Internet. Once authentication credentials have been captured it is trivial to use them to log in.
 
Recommendation: Nipper recommends that, if not required, the HTTP service be disabled. If a remote method of access to the device is required, consider using HTTPS or Secure Shell (SSH). The encrypted HTTPS and SSH services may require a firmware or hardware upgrade. The HTTP service can be disabled with the following IOS command:
 
no ip http server
 
If it is not possible to upgrade the device to use the encrypted HTTPS or SSH services, additional security can be configured. An access list can be configured to restrict access to the device. An access list can be specified with the following command:
 
ip http access-class {access list number}

 
The authentication method can be changed using the following command (where the authentication method is either local, enable, tacacs or aaa):
 
ip http authentication [authentication method]

 

2.9. Simple Network Management Protocol

Observation: SNMP is used to assist network administrators in monitoring and managing a wide variety of network devices. There are three main versions of SNMP in use. Versions 1 and 2 of SNMP are both secured with a community string and authenticate and transmit network packets without any form of encryption. SNMP version 3 provides several levels of authentication and encryption. The most basic level provides a similar protection to that of the earlier protocol versions. However, SNMP version 3 can be configured to provide encrypted authentication (auth) and secured further with support for encrypted data communications (priv).
 
Nipper determined that SNMP protocol version 1 was configured on RBD52.
 
Impact: Due to the unencrypted nature of SNMP protocol versions 1 and 2c, an attacker who was able to monitor network traffic could capture device configuration settings, including authentication details.
 
Ease: Network packet monitoring and capture tools are widely available on the Internet and SNMP tools are included as standard with some operating systems.
 
Recommendation: Nipper recommends that, if possible, SNMP version 1 be disabled. Furthermore, Nipper recommends that, if SNMP is required, protocol version 3 be configured with Auth and Priv authentication. SNMP protocol version 1 can be disabled with the following command for each community string:
 
no snmp-server community {Community String} {[RO] | [RW]}
 
SNMP version 3 Auth and Priv access can be configured with the following commands:
 
snmp-server group {Group Name} v3 priv
 
snmp-server user {Username} {Group Name} v3 auth md5 {Auth Keyword} priv {[3des] | [aes 128] | [aes 192]} {Priv Keyword}

 

2.10. ICMP Redirects

Observation: ICMP redirect messages allow systems to change the route that network traffic takes. On networks with functional network routing, disabling ICMP redirects will have little to no effect. ICMP redirects are usually enabled by default on Cisco devices.
 
Nipper determined that the device RBD52 had support for ICMP redirects enabled on the network interfaces listed in Table 4.
 
Table 4: Interfaces with ICMP redirects enabled
Interface Description
GigabitEthernet0/0.10
GigabitEthernet0/0.30
GigabitEthernet0/1
Serial0/0/1
 
Impact: An attacker could use ICMP redirect messages to route network traffic through their own router, possibly allowing them to monitor network traffic.
 
Ease: Tools are widely available that can send ICMP redirect messages.
 
Recommendation: Nipper recommends that, if not required, ICMP redirects be disabled on all network interfaces. ICMP redirects can be disabled on each individual network interface using the following command:
 
no ip redirects

 

2.11. Logging

Observation: Logging is an essential component of a secure network configuration. Logging not only assists network administrators to identify issues when troubleshooting, but enables network administrators to react to intrusion attempts or Denial-of-Service attacks. It is therefore critical that logs be monitored, allowing administrators to take immediate action when an attack has been identified. Furthermore, system logs are a key component of a forensic investigation into past intrusions or service disruptions.
 
Nipper determined that, although logging was enabled on RBD52, Syslog logging was not configured.
 
Impact: An attacker could attempt to map and bypass any configured Access Control List (ACL) or to gain access to the Cisco Router without network administrators being alerted to the attempts. Furthermore, after an unauthorised intrusion into the network had been detected, it would be more difficult for an investigation to identify the source of the attack or the entry point without access to logs.
 
Ease: N/A
 
Recommendation: Nipper recommends that Syslog and Buffered logging be configured on RBD52. Logging can be enabled with the following command:
 
logging on

 
To configure Syslog logging, four things need to be set: a source interface for the Syslog messages to be sent from, one or more Syslog hosts to send messages to, the Syslog logging message severity level and the Syslog facility. The following commands can be used to configure Syslog logging:
 
logging source-interface {Interface}
 
logging host {Syslog IP address or hostname}
 
logging trap {Logging message severity level}
 
logging facility {Syslog facility}

 
It is worth noting that older IOS versions do not include the host parameter when specifying a host to send Syslog messages to. For older IOS versions you would use the following command:
 
logging {Syslog IP address or hostname}

 

2.12. Proxy ARP

Observation: Address Resolution Protocol (ARP) is a protocol that network hosts use to translate network addresses into media addresses. Under normal circumstances, ARP packets are confined to the sender's network segment. However, a Cisco router with Proxy ARP enabled on network interfaces can act as a proxy for ARP, responding to queries and acting as an intermediary.
 
Nipper identified four interfaces that had Proxy ARP enabled. These are listed in Table 5.
 
Table 5: Interfaces with Proxy ARP enabled
Interface Description
GigabitEthernet0/0.10
GigabitEthernet0/0.30
GigabitEthernet0/1
Serial0/0/1
 
Impact: A router that acts as a proxy for ARP requests will extend layer two access across multiple network segments, breaking perimeter security.
 
Ease: A Cisco device with Proxy ARP enabled will proxy ARP requests for all hosts on those interfaces.
 
Recommendation: Nipper recommends that, if not required, Proxy ARP be disabled on all interfaces. Proxy ARP can be disabled on each interface with the following Cisco IOS command:
 
no ip proxy-arp

 

2.13. Cisco Discovery Protocol

Observation: Cisco Discovery Protocol (CDP) is a proprietary protocol that is primarily used by Cisco, but has been used by others. CDP allows some network management applications and CDP aware devices to identify each other on a Local Area Network (LAN) segment. Cisco devices, including switches, bridges and routers are configured to broadcast CDP packets by default. The devices can be configured to disable the CDP service or disable CDP on individual network interfaces.
 
Nipper determined that the CDP service had not been disabled, and additionally, had not been disabled on all the active network interfaces.
 
Impact: CDP packets contain information about the sender, such as hardware model information, operating system version and IP address details. This information would allow an attacker to gain information about the configuration of the network infrastructure.
 
Ease: CDP packets are broadcast to an entire network segment. An attacker could use one of the many publicly available tools to capture network traffic and view the leaked information.
 
Recommendation: Nipper recommends that, if not required, the CDP service be disabled on the Cisco device RBD52. If CDP is required, Nipper recommends that CDP be disabled on all interfaces except those that are explicitly required.
 
The CDP service can be disabled by issuing the following Cisco IOS command:
 
no cdp run
 
CDP can be disabled on individual interfaces using the following command:
 
no cdp enable
 
In some configurations with IP phones, deployed using either Auto Discovery or Dynamic Host Configuration Protocol (DHCP), the CDP service may need to be enabled. In this situation CDP should be disabled on all network interfaces for which it is not required.
 

2.14. Classless Routing

Observation: Classless routing is enabled by default on Cisco routers. If a router has classless routing enabled and it receives a network packet for which there is no configured route, the router will forward the packet to the best destination. With classless routing disabled, the router would discard any network traffic for which no route is defined.
 
Nipper determined that classless routing was enabled on RBD52.
 
Impact: Network traffic that should not be routed by the router may be routed when classless routing is enabled.
 
Ease: N/A
 
Recommendation: Nipper recommends that, if possible, classless routing be disabled. Classless routing can be disabled with the following command:
 
no ip classless

 

2.15. BOOTP

Observation: BOOTstrap Protocol (BOOTP) is a datagram protocol that allows compatible hosts to load their operating system over the network from a BOOTP server. Cisco routers are capable of acting as BOOTP servers for other Cisco devices and the service is enabled by default. However, BOOTP is rarely used and may represent a security risk.
 
Nipper determined that BOOTP was not disabled. However, it is worth noting that not all Cisco devices support BOOTP.
 
Impact: An attacker could use the BOOTP service to download a copy of the router's IOS software.
 
Ease: Tools are available on the Internet to access BOOTP servers.
 
Recommendation: Nipper recommends that, if not required, the BOOTP service be disabled. The following command can be used to disable BOOTP:
 
no ip bootp server

 

2.16. TCP and UDP Small Servers

Observation: Cisco devices provide a set of simple servers which are collectively known as TCP small servers and User Datagram Protocol (UDP) small servers. The services provide little functionality and include chargen, echo and daytime. Cisco IOS version 11.2 and older enable these services by default; newer IOS versions explicitly require them to be started.
 
Nipper determined that the version of IOS, on the Cisco device RBD52, enables these servers by default and they have not been explicitly disabled.
 
Impact: Each running service increases the chances of an attacker being able to identify the device and successfully compromise it. It is good security practice to disable all unused services.
 
Ease: Tools are widely available to query these services and some operating systems install these tools by default.
 
Recommendation: Nipper recommends that, if not required, TCP and UDP small servers be explicitly disabled. TCP and UDP small services are rarely used and are disabled by default in newer versions of Cisco IOS.
 
TCP small servers can be disabled with the following IOS command:
 
no service tcp-small-servers

 
UDP small servers can be disabled with the following IOS command:
 
no service udp-small-servers

 

2.17. IP Unreachables

Observation: ICMP IP unreachable messages can be generated by a Cisco device when a host attempts to connect to a non-existent host, network, or use an unsupported protocol. ICMP IP unreachable messages will let the connecting host know that the host, network or protocol is not supported or cannot be contacted. Therefore, the host does not have to wait for a connection time-out. ICMP IP unreachable messages are normally enabled by default on Cisco devices and must be explicitly disabled.
 
Nipper determined that the Cisco device RBD52 had ICMP IP unreachable messages enabled on the interfaces listed in Table 6.
 
Table 6: Interfaces with IP unreachables enabled
Interface Description
GigabitEthernet0/0.10
GigabitEthernet0/0.30
GigabitEthernet0/1
Serial0/0/1
 
Impact: An attacker who was performing network scans to determine what services were available would be able to scan a device more quickly.
 
Ease: Tools are available on the Internet that can perform a wide variety of scan types.
 
Recommendation: Nipper recommends that, if not required, IP unreachables be disabled on all network interfaces. However, whilst disabling IP unreachables will not stop scans, it does make it more difficult for an attacker. The IP unreachables option is disabled or enabled individually for each network interface. It can be disabled with the following command:
 
no ip unreachables

 

2.18. Packet Assembler / Disassembler

Observation: The Packet Assembler / Disassembler (PAD) service enables X.25 connections between network systems. The PAD service is enabled by default on most Cisco IOS devices but it is only required if support for X.25 links is necessary.
 
Nipper determined that the PAD service had not been disabled.
 
Impact: Running unused services increases the chances of an attacker finding a security hole or fingerprinting a device.
 
Ease: N/A
 
Recommendation: Nipper recommends that, if not required, the PAD service be disabled. Use the following command to disable the PAD service:
 
no service pad

 

2.19. Maintenance Operations Protocol

Observation: Maintenance Operations Protocol (MOP) is used with the DECnet protocol suite. MOP is enabled by default on ethernet interfaces in some versions of IOS.
 
Nipper determined that MOP had not been disabled on all ethernet interfaces.
 
Impact: Running unused services increases the chances of an attacker finding a security hole or fingerprinting a device.
 
Ease: N/A
 
Recommendation: Nipper recommends that, if not required, MOP be disabled on all ethernet interfaces. MOP can be disabled on each interface with the following command:
 
no mop enabled

 

2.20. Conclusions

Nipper performed a security audit of the Cisco Router device RBD52 on Friday 24 March 2023 and identified 18 security-related issues. Nipper determined that:
 

3. Device Configuration

3.1. Introduction

This section details the configuration settings of the Cisco Router device RBD52.
 

3.2. General

Table 7: General device settings
Description                  Setting
Hostname                     RBD52
Service Password Encryption  Enabled
IP Source Routing            Enabled
BOOTP                        Enabled
Service Config               Disabled
TCP Keep Alives (In)         Disabled
TCP Keep Alives (Out)        Disabled
Cisco Express Forwarding     Disabled
Classless Routing            Enabled
 

3.3. Services

Table 8: Device services
Service             Status
Telnet              Disabled
HTTP                Unconfigured
Finger              Disabled
TCP Small Services  Enabled
UDP Small Services  Enabled
SNMP                Enabled
CDP                 Enabled
PAD                 Enabled
 

3.4. Domain Name Settings

Table 9: Domain name settings
Description    Setting
Domain Name    islacinco.com
Domain Lookup  Disabled
DNS Server 1   5.5.5.5
 

3.5. Time Zone Settings

Table 10: Time zone settings
Description                Setting
Time Zone                  UTC
UTC Offset                 None
Summer Time Zone           Disabled
Authoritative Time Source  No
 

3.6. User Accounts and Privileges

Table 11: Enable Passwords
Level  Password         Encryption
15     contra_secreta.  None
 
Table 12: User Accounts
Username  Privilege  Password   Encryption
leidi     15         <unknown>  Unknown
wilberth  15         <unknown>  Unknown
bianca    15         <unknown>  Unknown
jared     15         <unknown>  Unknown
 
Login banners should provide a warning against unauthorised access to the device. The configured banner on RBD52 was:
 
Acceso no autorizado prohibido. Solo personal autorizado."
line con 0
password linea_de_consola.
login
exit
line vty 0 4
password linea_vty.
login local
transport input ssh
exit
line vty 5 15
password linea_vty.
login local
exit
service timetamps log datetime msec
loggin facility syslog
loggin trap debug
logging host 10.5.20.20
ntp update-calendar
ntp server 10.0.0.254
crypto key-generate rsa

 

3.7. Logging

Table 13: Logging configuration
Description                           Setting
Logging                               Enabled
Log Configuration Changes             Disabled
Console Logging                       System Default
Console Logging Severity Level        Default
Syslog Logging                        Disabled
Buffer Logging                        System Default
Buffer Size                           Default
Buffer Logging Severity Level         Debugging (7)
Terminal Line Logging                 Enabled
Terminal Line Logging Severity Level  Debugging (7)
 

3.8. Simple Network Management Protocol

SNMP is used to assist network administrators in monitoring and managing a wide variety of network devices. There are three main versions of SNMP in use. Versions 1 and 2 of SNMP are both secured with a community string and authenticate and transmit network packets without any form of encryption. SNMP version 3 provides several levels of authentication and encryption. The most basic level provides a similar protection to that of the earlier protocol versions. However, SNMP version 3 can be configured to provide encrypted authentication (auth) and secured further with support for encrypted data communications (priv).
 
Table 14: General SNMP service configuration
Description       Setting
Service enabled   Yes
Trap Timeout      30 seconds
TFTP Server List  Disabled
 
Table 15: SNMP community strings
Community  Access     View  Access-List  Enabled
public     Read-Only                     Yes
 
Table 16: SNMP traps
SNMP Trap
 

3.9. Secure Shell

Table 17: SSH configuration
Description       Setting
SSH               Disabled
Protocol version  2
Login time-out    Default
Login retries     Default
 

3.10. Routing

A network device's routing tables can be configured with static routes or updated dynamically. Routing protocols are used by network routing devices to dynamically update the routing tables that devices use to forward network traffic to their destination. Router protocols can be split into two different categories: IGPs and Exterior Gateway Protocols (EGPs). IGPs are usually used in situations where the routing devices are all controlled by a single entity, such as within a company. EGPs are usually used in situations where routing devices are managed by a number of entities, such as the Internet. Typically routing devices support a number of standard routing protocols.
 
OSPF protocol is an IGP. OSPF packets are sent when the network configuration changes, such as when a route goes down, and the packets only contain the change. Since the information sent in OSPF packets is limited to any network changes, the protocol is well suited to complex network configurations.
 
For OSPF to work on a network interface it must be included within an OSPF network area.
 
Table 18: OSPF process ID 10 network areas
Network     Network Mask  Area ID
10.5.1.0    0.0.0.255     0
10.5.10.0   0.0.0.255     0
10.5.20.0   0.0.0.255     0
10.5.30.0   0.0.0.255     0
10.5.40.0   0.0.0.255     0
10.19.0.12  0.0.0.3       0
 
Table 19: OSPF process ID 10 interface configuration
Interface              Description  IP Address                  Authentication  Authentication Key  Key Encryption  Flood Reduction  OSPF Mode
GigabitEthernet0/0.10               10.5.10.254 255.255.255.0   None                                None            Off              Default
GigabitEthernet0/0.30               10.5.30.254 255.255.255.0   None                                None            Off              Default
GigabitEthernet0/1                  10.19.0.13 255.255.255.252  None                                None            Off              Default
Serial0/0/1                         10.19.0.18 255.255.255.252  None                                None            Off              Default
 

3.11. Interfaces

Table 20: Interfaces
Interface              Active  IP Address                  Proxy ARP  IP Unreachable  IP Redirect  IP Mask Reply  IP Direct Broadcast  NTP  CDP  uRPF  MOP
GigabitEthernet0/0     Yes     None                        N/A        N/A             N/A          N/A            N/A                  N/A  N/A  Off   N/A
GigabitEthernet0/0.10  Yes     10.5.10.254 255.255.255.0   On         On              On           Off            On                   On   On   Off   N/A
GigabitEthernet0/0.30  Yes     10.5.30.254 255.255.255.0   On         On              On           Off            On                   On   On   Off   N/A
GigabitEthernet0/1     Yes     10.19.0.13 255.255.255.252  On         On              On           Off            On                   On   On   Off   On
Serial0/0/1            Yes     10.19.0.18 255.255.255.252  On         On              On           Off            On                   On   On   Off   On
 

4. Appendix

4.1. Abbreviations

ACL    Access Control List
ARP    Address Resolution Protocol
BOOTP  BOOTstrap Protocol
CDP    Cisco Discovery Protocol
CEF    Cisco Express Forwarding
DHCP   Dynamic Host Configuration Protocol
DoS    Denial of Service
EGP    Exterior Gateway Protocol
HTTP   HyperText Transfer Protocol
HTTPS  HyperText Transfer Protocol over SSL
ICMP   Internet Control Message Protocol
IDS    Intruder Detection System
IGP    Interior Gateway Protocol
IOS    Internet Operating System
IP     Internet Protocol
LAN    Local Area Network
MD5    Message Digest 5
MOP    Maintenance Operations Protocol
NTP    Network Time Protocol
OSPF   Open Shortest Path First
PAD    Packet Assembler / Disassembler
SNMP   Simple Network Management Protocol
SSH    Secure Shell
SSL    Secure Sockets Layer
TCP    Transmission Control Protocol
TFTP   Trivial File Transfer Protocol
UDP    User Datagram Protocol
UTC    Coordinated Universal Time
 

4.2. Common Ports

Table 21: Common ports
Service  Port
SSH      22
DHCP     67
TFTP     69
HTTP     80
NTP      123
SNMP     161
HTTPS    443
 

4.3. Logging Severity Levels

Table 22: Logging message severity levels
Level  Level Name     Description
0      Emergencies    System is unstable
1      Alerts         Immediate action is required
2      Critical       Critical conditions
3      Errors         Error conditions
4      Warnings       Warning conditions
5      Notifications  Significant conditions
6      Informational  Informational messages
7      Debugging      Debugging messages
 

4.4. Time Zones

Table 23: Common time zone acronyms
Region          Acronym  Time Zone                             UTC Offset
Australia       CST      Central Standard Time                 +9.5 hours
Australia       EST      Eastern Standard/Summer Time          +10 hours
Australia       WST      Western Standard Time                 +8 hours
Europe          BST      British Summer Time                   +1 hour
Europe          CEST     Central Europe Summer Time            +2 hours
Europe          CET      Central Europe Time                   +1 hour
Europe          EEST     Eastern Europe Summer Time            +3 hours
Europe          EST      Eastern Europe Time                   +2 hours
Europe          GMT      Greenwich Mean Time
Europe          IST      Irish Summer Time                     +1 hour
Europe          MSK      Moscow Time                           +3 hours
Europe          WEST     Western Europe Summer Time            +1 hour
Europe          WET      Western Europe Time                   +1 hour
USA and Canada  ADT      Atlantic Daylight Time                -3 hours
USA and Canada  AKDT     Alaska Standard Daylight Saving Time  -8 hours
USA and Canada  AKST     Alaska Standard Time                  -9 hours
USA and Canada  AST      Atlantic Standard Time                -4 hours
USA and Canada  CDT      Central Daylight Saving Time          -5 hours
USA and Canada  CST      Central Standard Time                 -6 hours
USA and Canada  EDT      Eastern Daylight Time                 -4 hours
USA and Canada  EST      Eastern Standard Time                 -5 hours
USA and Canada  HST      Hawaiian Standard Time                -10 hours
USA and Canada  MDT      Mountain Daylight Time                -6 hours
USA and Canada  MST      Mountain Standard Time                -7 hours
USA and Canada  PDT      Pacific Daylight Time                 -7 hours
USA and Canada  PST      Pacific Standard Time                 -3 hours
 

4.5. Nipper Details

This report was generated using Nipper version 0.11.7. Nipper is an Open Source tool designed to assist security professionals and network system administrators securely configure network infrastructure devices. The latest version of Nipper can be found at the following URL:
 
http://nipper.sourceforge.net.