05th November 2005

Author: Chris Bryant

Network security is a hot topic today, and will only increase in importance in the months and years ahead.

While most of the attention is paid to exterior threats, there are some steps you can take to prevent unwanted Cisco router access from within your organization.

Whether you want to limit what certain users can do and run on your routers, or prevent unauthorized users in your company from getting to config mode in the first place, here are four important yet simple steps you can take to do so.

Encrypt the passwords in your running configuration.

This is a basic Cisco router security command that is often overlooked. It doesn’t do you any good to set passwords for your ISDN connection or Telnet connections if anyone who can see your router’s running configuration can see the passwords. By default, these passwords are displayed in your running config in clear text.

One simple command takes care of that. In global configuration mode, run service password-encryption. This command will encrypt all clear text passwords in your running configuration.

Set a console password.

If I walked into your network room right now, could I sit down and start configuring your Cisco routers?

If so, you need to set a console password. This password is a basic yet important step in limiting router access in your network. Go into line configuration mode with the command “line con 0”, and set a password with the password command.

Limit user capabilities with privilege level commands.

Not everyone who has access to your routers should be able to do anything they want. With careful use of privilege levels, you can limit the commands given users can run on your routers.

Privilege levels can be a little clumsy at first, but with practice you’ll be tying your routers down as tight as you like. Visit www.cisco.com/univercd for documentation on configuring privilege levels.

Configure an “enable secret” password.

It’s not uncommon for me to see a router that has an enable mode password set, but it’s in clear text.

By using “enable secret”, the enable mode password will automatically be encrypted. Remember, if you have an enable password and enable secret password set on the same router, the enable secret password takes precedence.

These four basic steps will help prevent unwanted router access from inside your network. If only preventing problems from outside your network was as simple!

Source: http://www.articlealley.com/article_14458_11.html

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available! Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, "How To Pass The CCNA", is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!

http://www.thebryantadvantage.com

Routers Articles

Win-Spy Monitoring Software Monitor Your Home PC Or Any PC Within Your Wireless Network. Monitor A Cheating Spouse. Records Any Password. Monitor Any Email. Monitor Via Webcam And Mic.  Continue Reading... Computer Repair Home Study Course Learn How to Repair Your Computer Today! - Save money on costly repairs and even start your own business. Join thousands of others who learned new skills, jump started their careers, made extra money, and started their biz with this Computer Repair Course!  Continue Reading... Overclocking Your Cpu to the Extreme Who Else Wants To Turn There PC Into A Extreme Gaming Rig Without Spending A Single Cent On Hardware? Discover how to unleash over 900% of CPU performance from your PC in a just a few easy steps, then watch in awe as your game's frame-rates double overnight!  Continue Reading... PC Secrets How to make your computer boot up in mere seconds. Exactly how you can Instantly end any threat of Spyware, Trojans and Viruses destroying your computer from the inside out – for good! Secret Insider settings that with just a few clicks will speed up your computer MULTIPLE TIMES. Instantly And Easily Optimize and Speed Up Slow, Crashing, Freezing Computers Even if You Completely Suck at Computers! Fix For All PC Issues.  Continue Reading...

A Quick Note From The Publisher... If you like the article above, you may be interested in the following article which is also related to Routers... Network Security 101 As more people are logging onto the Internet everyday, Network Security becomes a larger issue. In the United States, identity theft and computer fraud are among the fastest rising crimes. It is important to protect your network and ensure the safety of all computers and users in that network. What is a Network? In order to fully understand network security, one must first understand what exactly a network is. A network is a group of computers that are connected. Computers can be connected in a variety of ways. Some of these ways include a USB port, phone line connection, Ethernet connection, or a wireless connection. The Internet is basically a network of networks. An Internet Service Provider (ISP) is also a network. When a computer connects to the internet, it joins the ISP’s network which is joined with a variety of other networks, which are joined with even more networks, and so on. These networks all encompass the Internet. The vast amount of computers on the Internet, and the...