Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Presentation transcript:

Privilege Levels
Cisco IOS provides 16 different privilege levels, ranging from 0 to 15.
Cisco IOS comes with two predefined user levels: user mode runs at privilege level 1, and "enabled" mode (privileged mode) runs at level 15.
Every IOS command is pre-assigned to either level 1 or level 15.
Graphics 2.4.3.1, 2.4.3.2, 2.4.3.3

Show Commands – Level 1
Graphics 2.4.3.1, 2.4.3.2, 2.4.3.3

Password Controls
Security best practice is to have passwords managed by a TACACS+ or RADIUS server.
Locally configured passwords are still required in the event that the TACACS+ or RADIUS service fails.
Cisco IOS has two password protection schemes. Type 7 uses the Cisco-defined encryption algorithm, which is weak. Type 5 uses an iterated MD5 hash, which is much stronger.
Cisco recommends removing all Type 7 passwords and using Type 5 encryption.
To prevent passwords from showing up as plain text when viewing the configuration files, use the service password-encryption command.
Graphics 2.4.3.1, 2.4.3.2, 2.4.3.3

Passwords – Audit Steps
Review the configuration to verify:
Line and enable passwords are configured.
The service password-encryption command has been configured.
Verify that policy establishes sound password guidelines for network devices: complexity, minimum length, maximum age.
Graphics 2.4.3.1, 2.4.3.2, 2.4.3.3

Management ports
The console (con) and auxiliary (aux) ports on Cisco routers are used for serial connections.
The console (con) port is the default location for performing router management and configuration.
The con port provides out-of-band access to a router, as no networking services are needed.
The VTY port is used for remote access; network services must be available.

Management Port Audit Steps
In general, the auxiliary port should be disabled.
Review the configuration to verify:
Each authorized user is required to log in using their own account.
A console line timeout has been configured.
Verify that the computer attached to the con port is standalone and protected from unauthorized access.

VTY
The primary mechanism for remote administration of Cisco routers is logging in via Telnet or SSH on the virtual terminal lines (vty).
Telnet: anyone with a network sniffer and access to the right LAN segment can acquire the router account and password.
SSH should be used to provide confidentiality and integrity.
AAA (authentication, authorization and accounting) is the mechanism Cisco recommends for remote administration.

AAA
AAA authentication is set up using method lists.
The authentication method list defines the types of authentication to be performed and the sequence in which to apply them.
Lists are applied to the appropriate lines and interfaces.
Graphics 2.4.3.1, 2.4.3.2, 2.4.3.3