Auto-Secure/Security Audit

Well after reading about what these do (some time ago) I thought cisco routers were wide open out of the box. However while doing a lab, I ran n.map on my one of my routers this is what I found:

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

23/tcp open telnet Cisco router

1720/tcp open H.323/Q.931?

5060/tcp open sip-proxy Cisco SIP Gateway (IOS 12.x)

MAC Address: 00:11:93:CA:E4:A4 (Cisco Systems)

Not the big wide open box I would have thought. Also there were only 3 services running. I have not run auto-secure or security audit on this box yet. What gives? Why so few open ports? I can post my config if that helps.

Find more posts tagged with

Comments

mikem2te

A port scan is only going to show open tcp / udp ports so all the layer 2 & 3 vulnerabilities will not show, things like CDP, ICMP, Spanning tree, certain routing protocols etc.

Upper layer protocols are mostly disabled until enabled. I believe the tcp & udp servers are now disabled by default on later IOS versions. SNMP is off until a community string is defined, similarly ssh, http, https, t.f.t.p. are not enabled by default.