Cisco Security Device Manager

Cisco Security Device Manager (Cisco SDM) is a web-based device-management tool that can be used to configure LAN, WAN and other security features on Cisco IOS software-based routers.
Cisco SDM has an easy-to-use interface that helps network administrators perform day-to-day operations. Cisco SDM is preinstalled by default on all new Cisco routers (Cisco SDM is stored in the flash memory). However, if it's not preinstalled, you can install it on the router or on a PC. The advantage of installing it on a PC is that it saves the router's memory and you can manage other routers from the same PC.

If Cisco SDM is preinstalled on a router, Cisco recommends using Cisco SDM to perform the initial configuration.

With Cisco SDM we can manage ACLs and create VPN keys. Cisco SDM has smart wizards which guide users step by step through the router and security configuration workflow. Cisco SDM can intelligently detect incorrect configuration. Cisco SDM also gives background information in addition to the step-by-step procedures.

Installing Cisco SDM
Cisco SDM can be installed on a deployed router without disrupting the network. The steps are:
Step 1. Access the router CLI using a Telnet or console connection.
Step 2. Enable the HTTP and HTTPS servers on the router.
Step 3. Create a user account defined with privilege level 15.
Step 4. Configure SSH and Telnet for local login with privilege level 15.

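The commands are (assuming that a connection to the router has been established):
! Step 2: HTTP and HTTPS servers, authenticating against the local user list
ip http server
ip http secure-server
ip http authentication local
! Step 3: user account with privilege level 15
username joe privilege 15 secret cisco
! Step 4: Telnet and SSH on the vty lines, local login, privilege level 15
line vty 0 4
privilege level 15
login local
transport input telnet ssh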
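
The following is an added example, not part of the original post or of any Cisco tool: a short Python check that reads a saved configuration, confirms the settings from steps 2 to 4 are present, and reports which of the enabled management transports (HTTP, Telnet) are unencrypted. The names parse and audit_sdm_prereqs and the sample text are assumptions made for illustration.

```python
# Constructed sample: the commands from this page, indented as IOS stores them.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
username joe privilege 15 secret cisco
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

def parse(config):
    """Map each global command to the list of sub-commands indented under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment lines
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit_sdm_prereqs(config):
    """Return (missing prerequisites, cleartext management transports)."""
    sections = parse(config)
    top = set(sections)
    missing, cleartext = [], []
    if not {"ip http server", "ip http secure-server"} & top:
        missing.append("http/https server")
    if "ip http authentication local" not in top:
        missing.append("ip http authentication local")
    if not any(c.startswith("username ") and " privilege 15 " in c for c in top):
        missing.append("privilege 15 user")
    if "ip http server" in top:
        cleartext.append("http")  # HTTP carries the login unencrypted
    vty = [s for n, s in sections.items() if n.startswith("line vty")]
    if not vty:
        missing.append("line vty")
    for sub in vty:
        for cmd in ("login local", "privilege level 15"):
            if cmd not in sub:
                missing.append("vty: " + cmd)
        allowed = next((c.split()[2:] for c in sub if c.startswith("transport input")), [])
        if "telnet" in allowed or "all" in allowed:
            cleartext.append("telnet")
    return missing, cleartext
```

For the sample above the check returns no missing prerequisites and lists http and telnet as cleartext transports; only an explicit "transport input" line is inspected.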


After enabling Cisco SDM on the router, you can launch Cisco SDM by connecting to the router over HTTP or HTTPS from a web browser. You will then be prompted to enter a username and a password (if you configured HTTP server authentication as local, the router matches the username and password against the local user list).

On the Cisco SDM overview page, you can see information about the router such as the total amount of memory, the version of flash, IOS, hardware installed, active VPN connections and also a summary of the configuration.

Cisco SDM offers a feature similar to "auto secure" on the command line (see Network Security), called the one-step lockdown wizard. To access the wizard, select Configure -> Security Audit -> One-step lockdown. Click Yes at the Cisco SDM warning dialog box. Cisco SDM will then review the current configuration, check it against best security practices, and list some recommended configuration. If you click Deliver, the configuration is sent to the router.

However, the one-step lockdown wizard differs from the "auto secure" command in the following ways:
- Cisco SDM disables SNMP, whereas "auto secure" configures SNMP version 3.
- Enables and configures SSH on crypto Cisco IOS images.
- Does not enable service control point or disable file transfer services (FTP).
