As per VAPT audit carried out in my client side they ask to make changes in following points in 2960 switch and 3825,3845, 3945 and 7609 routers kindly provide the correct solution. as per my search till now it is not highly required but how can i answer and convince this to my client.
Obser 1- “SSH Server CBC Mode Ciphers Enabled” :
Kindly suggest the command to implement CTR or GCM ciphers and to disable CBC Mode Ciphers. The CISCO documents do not have any information for implementation of CTR or GCM in CISCO devices.
Obser 2 – “SSH Weak MAC Algorithms Enabled “ :
Kindly suggest the command to disable SSH Weak MAC Algorithms in CISCO devices.