
HOW DO YOU UNINSTALL CISCO WEB SECURITY PASSWORD
Routers and switches make up the bulk of network infrastructure and are vulnerable to attack. We hear about mass Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks, but the network itself is as big a risk, because if it is taken out, there is no path for the data to flow.

Although network infrastructure is vital, we also need to protect the networking devices themselves from attack; this protection is known as hardening. Firewalls will help along with Intrusion Prevention Systems (IPS), but there are additional steps we can take to harden the routers and switches within our network. The National Security Agency (NSA) has guidelines for hardening devices for use with the U.S. Those guidelines are a bit extreme, but we can use them as a foundation and pick and choose the parts that make sense for an enterprise network. Risks to a network are not limited to those attempting malicious activity; the people working on networks pose an inherent risk as well. There needs to be policy for change control and security; more importantly, it needs to be followed, but that's something for another article. Today, I want to focus on the routers and switches themselves. There are three main functions within networking devices that need to be protected: the management plane, the control plane, and the data plane, as seen in Figure 1. Let's take a look at a few options to secure them.

Figure 1.

The management plane manages traffic sent to the router or switch itself and is made up of applications and protocols for managing the devices. As illustrated in Figure 2, some of those applications or protocols are telnet, Secure Shell (SSH), Simple Network Management Protocol (SNMP), Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP) and HTTP Secure (HTTPS). Since the management plane is used to access and control the networking device, it is a prime candidate for attack. User access and control is key to hardening the management plane, although there are other features, protocols and applications that could be fortified as well.

Using some method to authenticate and authorize a user is a must. Password control, for example, is a minimum requirement. Setting policy for the frequency of password changes and for complex passwords (minimum length, use of mixed characters, numbers and special characters) is recommended, while managing passwords through an access control server using TACACS+, RADIUS or LDAP is highly recommended. There would still need to be local authentication for at least the console access in case reachability to the servers is disrupted.

Authorization can also be configured through an access control server, detailing what the authorized user is allowed to do on the router or switch. Remote access should not have a local option for authentication. The local privilege-level password (also known as the “enable” password) should be configured with the enable secret command rather than the enable password command. The enable secret uses a Message Digest 5 (MD5) hashing algorithm to protect the password in the configuration; the enable password does not. If the service password-encryption command is used, the enable password and the line-level password will be encrypted, but with a much more simplistic method.
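As an added example (not part of the original article), the following Python sketch audits a saved running-config against the password and login guidance in this article: enable password versus enable secret, type 7 line passwords, local logins on remote (vty) lines, and a console line with no login. The sample configuration and the finding codes are constructed for illustration, and the parser assumes sub-commands are indented by one space, as in IOS show running-config output.

```python
# Constructed running-config for illustration; not from a real device.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 CONSTRUCTED0
!
line con 0
line vty 0 4
 password 7 CONSTRUCTED1
 login
line vty 5 15
 login local
"""

def audit(config):
    """Return sorted finding codes (hypothetical names) for a config text."""
    findings = set()
    section = None  # current line type: 'con', 'vty', 'aux' or None
    con_seen = con_login = has_secret = False
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # top-level command starts a new section
            words = line.split()
            section = words[1] if words[0] == "line" and len(words) > 1 else None
            con_seen |= section == "con"
            if line.startswith("enable secret "):
                has_secret = True
            elif line.startswith("enable password "):
                findings.add("ENABLE_PASSWORD")  # should be 'enable secret'
            continue
        cmd = line.strip()
        if section == "con" and cmd.startswith("login"):
            con_login = True  # console keeps some form of login
        if section == "vty" and cmd.startswith("password "):
            findings.add("VTY_LINE_PASSWORD")  # remote access on a line password
        if section == "vty" and cmd == "login local":
            findings.add("VTY_LOCAL_LOGIN")  # remote access with local accounts
        if cmd.startswith("password 7 "):
            findings.add("TYPE7_LINE_PASSWORD")  # weak type 7 encoding
    if not has_secret:
        findings.add("NO_ENABLE_SECRET")
    if con_seen and not con_login:
        findings.add("CONSOLE_NO_LOGIN")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A clean result only means none of these specific patterns were found; it does not confirm that the AAA server configuration itself is correct.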
