How can you protect a device from Dos attacks directed against its terminal and management ports?
A. Reserve a terminal or management port with a highly restrictive ACL
B. Enable AAA local authentication on the terminal and management ports
C. Configure the max-login-attempts command on the terminal and management ports
D. Configure TCP keepalives on the terminal and management ports
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap2.html
Restrict vulnerability to dictionary and DoS attacks
•Limit the rate of login attempts
•Enforce a lockout period upon multiple authentication failure attempts
•Reserve one management port for access only by one particular NoC host
A is correct,
C is incorrect becaus it is a global command, and not configured on the interface
I thing,,, A. It’s not about DoS, but some documents jumbles unauthorized access protection and denial of service protections..
I could find only this. Are there any other refference?
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap2.htm