HP 6125G HP Networking guide to hardening Comware-based devices - Page 23

area-authentication-mode md5 <password>
domain-authentication-mode md5 <password>
#
For more information, see “Enhancing IS-IS Network Security in ISIS” in the Layer-3 IP Routing Configuration Guide.
Silent-interface commands
Information leaks, or the introduction of false information into an IGP, can be mitigated through use of the silent-interface command, which assists in controlling the advertisement of routing information. You are advised not to advertise any information to networks that are outside your administrative control.
The following example demonstrates usage of this feature:
#
ospf <process-id>
silent-interface all
undo silent-interface <interface>
#
Route filtering
To reduce the possibility of introducing false routing information to the network, you must utilize route filtering. Unlike the silent-interface command, routing occurs on interfaces once route filtering is enabled, but the information that is advertised or processed is limited.
For RIP, using the filter-policy command with the export keyword limits what information is advertised, while use of the import keyword limits what updates are processed. The filter-policy command is available for OSPF, but it does not prevent a router from propagating filtered routes. Instead, the filter command can be used.
The following RIP example filters outbound advertisements with the filter-policy command and a prefix list:
#
ip ip-prefix <list-name> index 10 permit <ip-address> <mask-length>
#
rip <process-id>
silent-interface all
undo silent-interface <interface>
filter-policy ip-prefix <list-name> export <interface>
#
The following RIP example filters inbound updates with a prefix list:
#
ip ip-prefix <list-name> index 10 permit <ip-address> <mask-length>
#
rip <process-id>
silent-interface all
undo silent-interface <interface>
filter-policy ip-prefix <list-name> import <interface>
#
For more information, see “Configuring Inbound/Outbound Route Filtering in RIP” in the Layer-3 IP Routing Configuration Guide.
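A static check for the settings described in this section, as an added example that is not part of the HP guide: it reads a saved configuration and reports RIP or OSPF processes without silent-interface all, RIP processes with no export or import filter-policy, and filters naming a prefix list that is never defined. The sample configuration, including its list names, interface names and addresses, is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configuration; list names, interfaces and addresses are placeholders.
SAMPLE_CONFIG = """\
#
ip ip-prefix ADVERTISE index 10 permit 10.1.0.0 16
#
rip 1
 silent-interface all
 undo silent-interface Vlan-interface10
 filter-policy ip-prefix ADVERTISE export Vlan-interface10
 filter-policy ip-prefix ACCEPT import Vlan-interface10
#
ospf 1
 undo silent-interface Vlan-interface20
#
"""

def parse_sections(config):
    """Split the text into sections on '#' delimiter lines, as in the guide's examples."""
    blocks = re.split(r"^[ \t]*#[ \t]*$", config, flags=re.M)
    return [[l.strip() for l in b.splitlines() if l.strip()] for b in blocks if b.strip()]

def audit(config):
    """Return a list of findings for RIP/OSPF processes that lack the settings above."""
    defined = set(re.findall(r"^[ \t]*ip ip-prefix (\S+) ", config, flags=re.M))
    findings = []
    for sec in parse_sections(config):
        head = re.match(r"(rip|ospf)\b", sec[0])
        if not head:
            continue
        if "silent-interface all" not in sec[1:]:
            findings.append(f"{sec[0]}: missing 'silent-interface all'")
        pattern = r"filter-policy ip-prefix (\S+) (export|import)\b"
        filters = [m.groups() for m in (re.match(pattern, l) for l in sec[1:]) if m]
        for list_name, direction in filters:
            if list_name not in defined:
                findings.append(f"{sec[0]}: {direction} filter references undefined prefix list '{list_name}'")
        if head.group(1) == "rip":  # the filter-policy directions are checked for RIP only
            for direction in ("export", "import"):
                if direction not in {d for _, d in filters}:
                    findings.append(f"{sec[0]}: no filter-policy ip-prefix {direction}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

OSPF sections are checked only for silent-interface all, since the guide states that filter-policy does not stop OSPF from propagating filtered routes.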
The following OSPF example utilizes a prefix list with the OSPF-specific filter command:
#