confijrfnjnfjnfifbejfnjncmdcniofnefnofnc

omnia56798 8 views 18 slides Mar 09, 2025

Slide Content

Configure Passwords

Console & Auxiliary
Sw# configure terminal
Sw(config)# line console 0
Sw(config-line)# password cisco
Sw(config-line)# login
Sw(config-line)# end

Secure privileged EXEC access
Sw# configure terminal
Sw(config)# enable secret class
Sw(config)# exit

Secure VTY lines
Sw# configure terminal
Sw(config)# line vty 0 15
Sw(config-line)# password cisco
Sw(config-line)# login
Sw(config-line)# end

Encrypt Passwords
Service password-encryption:
Sw# configure terminal
Sw(config)# service password-encryption

Secret Password Algorithms
Router(config)# enable algorithm-type { md5 | scrypt | sha256 } secret unencrypted-password

Secret Password Algorithms
R1(config)# username Bob algorithm-type scrypt secret cisco54321

Additional Password Security
R1(config)# service password-encryption
R1(config)# security passwords min-length 8
! Configured passwords must be at least the specified length.
R1(config)# login block-for 120 attempts 3 within 60
! If the wrong password is entered 3 times within 60 seconds, login is blocked for the next 120 seconds.
R1(config)# line vty 0 4
R1(config-line)# password cisco123
R1(config-line)# exec-timeout 5 30
R1(config-line)# transport input ssh
R1(config-line)# end

Additional Password Security
R1(config)# security passwords min-length 8
! Configured passwords must be at least the specified length.
R1(config)# login block-for 120 attempts 3 within 60
Use the login block-for seconds attempts number within seconds global configuration command to deter this type of attack.
R1(config-line)# exec-timeout 5 30
Note: By default, Cisco routers log out an EXEC session after 10 minutes of inactivity.

Additional Password Security
Router(config)# login block-for 60 attempts 3 within 10

Additional Password Security
Router(config)# login on-success log
! Generates a log message each time a login succeeds.
Router(config)# login on-success log [every login]

Additional Password Security
Router(config)# login quiet-mode access-class { acl-name | acl-number }
Router(config)# login quiet-mode access-class 1
Router(config)# access-list 1 permit 10.0.0.0 0.0.0.255
The login quiet-mode access-class command maps to an ACL that identifies the permitted hosts. This ensures that only authorized hosts can attempt to log in to the router.
Router(config)# login delay seconds
This command specifies the number of seconds the user must wait between unsuccessful login attempts (e.g., during a brute-force attack).
Router(config)# login on-success log [every login]
Router(config)# login on-failure log [every login]

SSH
R1# show crypto key mypubkey rsa
% Key pair was generated at: 21:18:42 UTC Feb 16 2015
Key name: R1.span.com.server
Key type: RSA KEYS
R1(config)# crypto key zeroize rsa
% All keys will be removed.
% All router certs issued using these keys will also be removed.
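
The following is an added example, not part of the original slides: a small Python check that reads a running-config and flags departures from the hardening commands shown above. The sample config and its hashes are constructed, the threshold of 8 mirrors the slides' min-length example, and it assumes the running-config shows md5, sha256 and scrypt secrets as types 5, 8 and 9.

```python
import re

# Constructed running-config for illustration; hashes are placeholders.
SAMPLE = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholder
username Bob secret 9 $9$CONSTRUCTED$placeholder
security passwords min-length 6
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
line vty 5 15
 exec-timeout 5 30
 transport input ssh
"""

def audit(config):
    """Return findings for the hardening commands covered on the slides."""
    top, lines, current, findings = [], {}, None, []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():               # top-level command
            current = text if text.startswith("line ") else None
            if current:
                lines[current] = []
            else:
                top.append(text)
        elif current:                          # sub-command of a line block
            lines[current].append(text)
    if "service password-encryption" not in top:
        findings.append("service password-encryption missing")
    m = re.search(r"^security passwords min-length (\d+)$", "\n".join(top), re.M)
    if not m or int(m.group(1)) < 8:
        findings.append("security passwords min-length unset or below 8")
    if not any(t.startswith("login block-for ") for t in top):
        findings.append("login block-for not configured")
    for t in top:
        s = re.match(r"(enable|username \S+) secret (\d) ", t)
        if s and s.group(2) not in ("8", "9"):  # 8 = sha256, 9 = scrypt
            findings.append(f"{s.group(1)}: secret type {s.group(2)} is not sha256/scrypt")
    for name, cmds in lines.items():
        if not name.startswith("line vty"):
            continue
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not SSH-only")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: exec-timeout disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```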