Published by Tamsin Malone, modified over 9 years ago
Privilege Levels

Cisco IOS provides 16 privilege levels, ranging from 0 to 15. Cisco IOS comes with two predefined user levels: user mode runs at privilege level 1, and "enabled" mode (privileged mode) runs at level 15. Every IOS command is pre-assigned to either level 1 or level 15.
Show Commands – Level 1
Password Controls

Security best practice is to have passwords managed by a TACACS+ or RADIUS server. Locally configured passwords are still required in the event that the TACACS+ or RADIUS service fails. Cisco IOS has two password protection schemes: Type 7 uses the Cisco-defined encryption algorithm, which is weak; Type 5 uses an iterated MD5 hash, which is much stronger. Cisco recommends removing all Type 7 passwords and using Type 5 encryption. To prevent passwords from showing up as plain text when viewing the configuration files, use the service password-encryption command.
Passwords – Audit Steps

Review the configuration to verify that:
- Line and enable passwords are configured.
- The service password-encryption command has been configured.

Verify that policy establishes sound password guidelines for network devices:
- Complexity
- Minimum length
- Maximum age
Management Ports

The console (con) and auxiliary (aux) ports on Cisco routers are used for serial connections. The console (con) port is the default location for performing router management and configuration. The con port provides out-of-band access to the router, since no networking services are needed. The VTY port is used for remote access, so network services must be available.
Management Port Audit Steps

In general, the auxiliary port should be disabled. Review the configuration to verify that:
- Each authorized user is required to log in using their own account.
- A console line timeout has been configured.

Verify that the computer attached to the con port is a standalone machine protected from unauthorized access.
VTY

The primary mechanism for remote administration of Cisco routers is logging in via Telnet or SSH on virtual terminal lines (vty). With Telnet, anyone with a network sniffer and access to the right LAN segment can acquire the router account and password. SSH should be used instead, to provide confidentiality and integrity. AAA is the mechanism Cisco recommends for remote administration authentication, authorization and accounting.
AAA

AAA authentication is set up using method lists. The authentication method list defines the types of authentication to be performed and the sequence in which to apply them. Lists are applied to the appropriate lines and interfaces.