In today’s article, I’m going to quickly inform you about the Privileged EXEC command named "auto secure".
Network administrators (like you) use the "auto secure" command to secure the management and forwarding planes of a router.
Another way of saying it is, CCNAs use this command to secure a router by disabling common IP services which can be exploited by attackers to initiate network attacks. When the command is typed on a router, it takes the user (ccna) thru a command line-interface (CLI) semi-interactive session (which is also known as the AutoSecure dialogue).
As you can see, the command can use several "optional" keywords:
management – This (optional) keyword is used to only secure the management plane of a router.
forwarding – This (optional) keyword is used to only secure the forwarding plane of a router.
no-interact – A CCNA uses this (optional) keyword if he or she doesn’t want to be prompted for any interactive configurations. (If this optional keyword is not used, the user will be shown the noninteractive configuration and the interactive configurations)
full – This (optional) keyword is used to indicate that the user (ccna) wants to be prompted for all interactive questions. (If this optional keyword is not used, the router will behave this way by default)
ntp – This optional keyword is used to specify the configuration of the Network Time Protocol (NTP) feature in the AutoSecure command line-interface (CLI).
login – This (optional) keyword is used to specify the configuration of the Login feature in the AutoSecure CLI.
ssh – This (optional) keyword is used to specify the configuration of the Secure Shell (SSH) feature in the AutoSecure CLI.
firewall – This (optional) keyword is used to specify the configuration of the firewall feature in the AutoSecure CLI.
tcp-intercept – And, this (optional) keyword is used to specify the configuration of the TCP-Intercept feature in the AutoSecure CLI.
Below is an example of the command being used:
*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***
AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance security
and any possible side effects, please refer to Cisco.com for
At any prompt you may enter '?' for help.
Use ctrl-c to abort this session at any prompt.
As you can see, once the command is typed into the router, the user (ccna) is informed about the CLI semi-interactive session.
Well, I would like to go on and on explaining this command in greater detail, but to do so would make this article extremely lengthy.
But, if you decide to use this command to harden your router(s), make sure your router(s) is running Cisco IOS 12.3(4)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the auto secure command. If you need to learn more; I suggest you visit my website, (www.ccnaittechtips.com) were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.