Friday 1 February 2019

Router Security

Open the router console; by default you are in user mode
Router>

Enter the command enable to go to privileged mode
Router>enable
Router#

Enter the command configure terminal to go to global config mode
Router#configure terminal
Router(config)#

All configuration is done in global config mode

Setting password for console

Go to global config mode
Router(config)#

Enter command ->line console 0 to enter config-line mode, which is used for configuring the console
Router(config)#line console 0

Enter command ->password yourConsolePassword
Router(config-line)#password cisco

Enter command ->login
Router(config-line)#login

Enter command ->end to return to privileged mode
Router(config-line)#end

Setting password for virtual terminal (vty)

Go to global config mode
Router(config)#

Enter command ->line vty 0 4 to enter config-line mode, which is used here for configuring the virtual terminal (vty) lines
Router(config)#line vty 0 4

Enter command ->password yourVtyPassword
Router(config-line)#password cisco

Enter command ->login
Router(config-line)#login

Enter command ->end to return to privileged mode
Router(config-line)#end

Show running configuration file

Go to privileged mode
Router#

Enter command ->show running-config and press the space bar to view more
Router#show running-config

Setting an enable password to apply access control to privileged mode

Go to global config mode
Router(config)#

Enter command ->enable password yourEnablePassword
Router(config)#enable password cisco

Applying type-7 encryption to all the passwords stored in the config file

Go to global config mode
Router(config)#

Enter command ->service password-encryption
Router(config)#service password-encryption

What is a type-7 password?


Removing enable password

Go to global config mode
Router(config)#

Enter command ->no enable password
Router(config)#no enable password

Setting an enable password stored as an MD5 hash

Go to global config mode
Router(config)#

Enter command ->enable secret yourEnablePassword
Router(config)#enable secret cisco


Some special security features

Go to global config mode
Router(config)#

Set minimum password length
Router(config)#security password min-length 10

Enable logging of unsuccessful logins
Router(config)#login on-failure log

Enable logging of successful logins
Router(config)#login on-success log

Apply a login delay between successive login attempts; the default is 1 second.
Router(config)#login delay 3

Blocking users after unsuccessful logins
Example: block users from logging in for 180 seconds (3 minutes) after 5 unsuccessful logins within 60 seconds (1 minute)
Router(config)#login block-for 180 attempts 5 within 60

Setting the timeout for console or vty
For the console, go to global config mode and enter the command line console 0
Router(config)#line console 0

Change the default console timeout from 10 minutes to 3 minutes
Router(config-line)#exec-timeout 3

The vty timeout can be changed in the same way


Adding a username and password to console login

Go to global config mode
Router(config)#

Enter command ->line console 0 to enter config-line mode, which is used for configuring the console
Router(config)#line console 0

Disable global login
Router(config-line)#no login

Set login to use passwords from the local database
Router(config-line)#login local

Enter command ->end to return to privileged mode
Router(config-line)#end


Go to global config mode
Router#configure terminal

Add a username and password with MD5 encryption using command -> username yourUserName secret yourPassword
Router(config)#username dan secret cisco
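
The settings configured in this post can be checked against a saved copy of the show running-config output. The following Python script is an added example, not part of the original post; the names audit and parse_lines and the sample config are constructed for illustration, and it assumes the running-config lists commands in their full form.

```python
import re

# Constructed sample running-config, not from a real device; secrets are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 PLACEHOLDER
login on-failure log
line con 0
 exec-timeout 3 0
 login local
line vty 0 4
 password 7 PLACEHOLDER
 login
"""

REQUIRED_GLOBAL = [  # (regex, finding if absent) for the post's global commands
    (r"^enable secret ", "no enable secret set"),
    (r"^service password-encryption$", "service password-encryption missing"),
    (r"^security passwords? min-length \d+", "no minimum password length"),
    (r"^login block-for \d+ attempts \d+ within \d+", "no login block-for"),
    (r"^login on-failure log", "failed logins not logged"),
]

def parse_lines(config):
    """Map each 'line ...' header to its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = sections.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None
    return sections

def audit(config):
    """Return findings for settings the post configures but the config lacks."""
    findings = [msg for rx, msg in REQUIRED_GLOBAL if not re.search(rx, config, re.M)]
    if re.search(r"^enable password ", config, re.M):
        findings.append("enable password present (replace with enable secret)")
    for header, cmds in parse_lines(config).items():
        if "login local" not in cmds:
            findings.append(f"{header}: not using login local")
        if not any(c.startswith("exec-timeout") for c in cmds):
            findings.append(f"{header}: exec-timeout left at default")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the constructed sample, the console line passes both per-line checks, while the vty line is reported for relying on a line password and for leaving exec-timeout at its default.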
