I have a few questions as follows:
1. I am planning to use SSH instead of telnet or PDM for security reasons. Would this make sense? Is there anything I could miss by not using telnet?
2. In IOS v12, do we still need to specify 'no service tcp-small-servers' and 'no service udp-small-servers'? Is this a default function? Or do I still have to include the line?
3. In the PIX config, are the following very critical to security?
'no http server enable';
'clear dhcpd';
'sysopt security fragguard', 'fragment chain 1 outside';
'ip verify reverse-path interface xxxx';
4. How is Cisco IDS 2410? Any reported vulnerabilities? It occurred to me that this device cannot block any packets that meet the signature patterns. Is this a config issue or a fault of the box? On the Cisco website, it is marked as a discontinued support item.
5. Is DHCP not a good choice for security reasons? How vulnerable would it be to DoS?
I am new to this field and any comments are appreciated. Thanks.