
WebProWorld Dev Forum

I'm a networking idiot
I'm having problems setting up a small home wireless network and desperately need help. I have a broadband subscription with AOL...

Server Question
I am currently the webmaster for two e-commerce flooring-related sites. We were planning on switching to ACT business software (from our outdated system) and have people access a database off of a server.



Recent Articles

COLT's Switched Ethernet VPN Built upon Cisco's Platform

Cisco announced that COLT Telecom Group plc is delivering its new pan-European managed Switched Ethernet VPN service built upon Cisco's multiservice optical transport platform.

Layered Security
Layered Security is becoming an over-used buzzword for a very simple concept. Let's say you went to your local bank to cash a check. Think of all the security measures you will interact with for this simple, everyday transaction...

Juniper Contributes to Completion of IOC Milestone
Juniper Networks' IP routing platforms have contributed to the Defense Information Systems Agency's (DISA) completion of the Initial Operational Capacity (IOC) milestone at the first six GIG-BE program sites.

Easy Guide to RAID Recovery

What is RAID RECOVERY? RAID stands for Redundant Array of Inexpensive Disks. It is a method of combining several hard drives into one unit.


12.20.04

Configuring Basic Cisco Router Security

By Chris Bryant

Network security is a hot topic today, and will only increase in importance in the months and years ahead.

While most of the attention is paid to exterior threats, there are some steps you can take to prevent unwanted Cisco router access from within your organization.

Whether you want to limit what certain users can do and run on your routers, or prevent unauthorized users in your company from getting to config mode in the first place, here are four important yet simple steps you can take to do so.

Encrypt the passwords in your running configuration.

This is a basic Cisco router security command that is often overlooked. It doesn't do you any good to set passwords for your ISDN connection or Telnet connections if anyone who can see your router's running configuration can see the passwords. By default, these passwords are displayed in your running config in clear text.

One simple command takes care of that. In global configuration mode, run "service password-encryption". This command will encrypt all clear text passwords in your running configuration.


Set a console password.

If I walked into your network room right now, could I sit down and start configuring your Cisco routers?

If so, you need to set a console password. This password is a basic yet important step in limiting router access in your network. Go into line configuration mode with the command "line con 0", and set a password with the "password" command.

Limit user capabilities with privilege level commands.

Not everyone who has access to your routers should be able to do anything they want. With careful use of privilege levels, you can limit the commands that given users can run on your routers.

Privilege levels can be a little clumsy at first, but with practice you'll be tying your routers down as tight as you like. Visit www.cisco.com/univercd for documentation on configuring privilege levels.

Configure an "enable secret" password.

It's not uncommon for me to see a router that has an enable mode password set, but it's in clear text.

By using "enable secret", the enable mode password will automatically be encrypted. Remember, if you have an enable password and enable secret password set on the same router, the enable secret password takes precedence.

These four basic steps will help prevent unwanted router access from inside your network. If only preventing problems from outside your network was as simple!



About the Author:
Chris Bryant is the owner of http://www.thebryantadvantage.com, where he teaches CCNA and CCNP courses to small groups of exam candidates, ensuring they each receive the individual attention they deserve. Chris is always glad to hear from Cisco certification candidates at chris@thebryantadvantage.com.

About SysAdminNews
SysAdminNews is a collection of articles, news and commentary designed to keep system administrators informed about the latest trends impacting their profession. Updates and Advice for System Administrators


-- SysAdminNews is an iEntry, Inc. publication --
iEntry, Inc. 880 Corporate Drive, Lexington, KY 40503
2004 iEntry, Inc.  All Rights Reserved  Privacy Policy  Legal
