
Configuring Security Measures

Configuring passwords on the Cisco IOS:

Protecting privilege mode:

Option I

DeviceName(config)#enable password XXXX

Option II

DeviceName(config)#enable secret XXXX

NOTE: Using “Option I” is not recommended, as it stores the password in clear text that can easily be read from the configuration, whereas “Option II” stores the password in an encrypted (one-way hashed) form.

If both passwords are set, IOS uses the secret password.

A space is counted as a character in the password.

Protecting user mode:

DeviceName(config)# line console 0

DeviceName(config-line)#password XXXX

DeviceName(config-line)#login

Setting up Telnet:

NOTE: This applies only after VLAN1 has been configured with a valid IP address.

DeviceName(config)# line vty X Y

X = first line number and Y = last line number, i.e. the range sets the number of allowed concurrent telnet sessions.

DeviceName(config-line)#password XXXX

NOTE: telnet will not work unless a password is set on the vty lines.

Keeping an eye on telnet sessions:

DeviceName#terminal monitor

It allows you to see all the log messages on the telnet/ssh session.

Encrypting all passwords in one go:

DeviceName(config)#service password-encryption

It will encrypt all clear-text passwords in the IOS configuration. It might not work on older IOS versions.

Setting up logon banner:

Type of banners:

Login: This only appears when connecting via telnet.

MOTD (Message of the Day): It appears on every console.

DeviceName(config)#banner [motd/login] Y XXXXXX Y

Where Y is the delimiting character.

Setting up port security:

DeviceName(config)#interface fa 0/X

DeviceName(config-if)#switchport mode access

This command makes the interface an access port, meaning the interface is connected to an end device such as a PC or a router, not to another switch.

DeviceName(config-if)#switchport port-security

DeviceName(config-if)#switchport port-security maximum X

Where X is the maximum number of MAC addresses allowed to connect through the interface.

DeviceName(config-if)#switchport port-security violation [shutdown/restrict/protect]

This command sets how the switch should respond if port security is violated. There are three modes:

1) Shutdown: This is the default mode; it shuts down the interface completely, putting it into the “err-disabled” state, and an administrator must manually re-enable the port.

2) Restrict: It does not shut down the port, but stops accepting traffic on it until an authorized device is connected again. It also logs the event.

3) Protect: Same as restrict, but it does not log the event.

DeviceName(config-if)#switchport port-security mac-address [X.X.X/sticky]

Where X.X.X is the MAC address in 48-bit dotted format, and “sticky” makes the switch automatically learn the MAC address of the device currently attached to the port.

Configuring a range of interfaces:

DeviceName(config)#interface range fastethernet 0/X - Y

Where X is the first (lowest) port number and Y is the last (highest) port number.
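The password, vty and port-security settings above can be checked against a saved running-config. The following audit script is an added example, not part of the original post; the sample config it parses is constructed here and deliberately contains the weak choices the post warns about.

```python
# Constructed sample running-config (not from the original post); it contains the
# weak choices the post warns about so that the audit below has something to flag.
SAMPLE_CONFIG = """\
enable password cisco123
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/2
 switchport mode access
!
line vty 0 4
 login
"""

def parse_sections(text):
    """Split an IOS config into global commands and (header, [sub-commands]) blocks."""
    globals_, sections, header, body = [], [], None, []
    for raw in text.splitlines():
        if raw.startswith(" "):          # indented: belongs to the header above it
            body.append(raw.strip())
            continue
        if header is not None:           # an unindented line closes the current block
            sections.append((header, body))
            header, body = None, []
        if raw.startswith(("interface ", "line ")):
            header = raw
        elif raw and raw != "!":         # '!' is only a separator in IOS configs
            globals_.append(raw)
    if header is not None:
        sections.append((header, body))
    return globals_, sections

def audit_ios_config(text):
    findings, (globals_, sections) = [], parse_sections(text)
    if not any(g.startswith("enable secret") for g in globals_):
        findings.append("no enable secret: privileged mode relies on a clear-text enable password or none")
    if "service password-encryption" not in globals_:
        findings.append("service password-encryption is not enabled")
    for header, body in sections:
        if header.startswith("line") and "login" in body and not any(b.startswith("password") for b in body):
            findings.append(f"{header}: login set but no password, so telnet will be refused")
        if header.startswith("interface") and "switchport mode access" in body:
            if "switchport port-security" not in body:
                findings.append(f"{header}: access port without port-security")
            elif "switchport port-security violation protect" in body:
                findings.append(f"{header}: violation mode protect gives no log of violations")
    return findings
```

Run `audit_ios_config()` on the text of `show running-config`; each returned string names the line or interface block and the weak setting found there.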
