Learning IINS (part 1)

Securing Administrative Access to Cisco Routers

Some basic commands to secure administrative access to Cisco routers.

* Set the enable password

enable secret or
enable password

* Console Terminal

line console 0
login
password Enablepa55
exec-timeout 2 30
logging synchronous

* Virtual Terminal

line vty 0 4
login
password VTYpa55
exec-timeout 2 30
logging synchronous

* Auxiliary line

line aux 0
login
password Auxpa55
exec-timeout 2 30
logging synchronous

* Enable Password Encryption

service password-encryption

* Enable Password Policy

security passwords min-length 6

* Secure ROMMON mode

no service password-recovery (Be careful with this command!)

* Setting multiple privilege levels

E.g.:

privilege exec level 5 ping
enable secret level 5 operatorpa55
(to log in, use the command: enable 5)

* Configure Role-based Access to CLI

Enable AAA:
aaa new-model

Set enable password:
enable secret enablepa55

Switch to view mode:
enable view

Create a view:
parser view Operator
secret operatorpa55
commands exec include ping
commands exec include show hardware
commands exec include show interface
commands exec include show ver

Assign the view to a user:
username operator view Operator secret operatorpa55

Log in to the view:
enable view Operator

* Configuring the Cisco IOS Resilient Configuration feature

Protect IOS Image:
secure boot-image

Protect NVRAM:
secure boot-config

Show secured copies:
show secure bootset

* Create a Banner Message

banner {motd | incoming | exec | login | slip-ppp}

* Enable Cisco IOS Login Enhancements for virtual connections (HTTP, TELNET, SSH)

login block-for 120 attempts 10 within 30

Allow subnet 10.0.0.0/24 to log in to the router during the quiet period:
ip access-list standard Admin_Access_Always
permit 10.0.0.0 0.0.0.255
login quiet-mode access-class Admin_Access_Always

Delay between login attempts:
login delay 1

Logging:
login on-success log
login on-failure log

show login
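
As an added example (not part of the original notes), this Python script checks a saved running-config for the global and per-line settings listed above. The sample config is constructed, and `GLOBAL_CHECKS`, `parse_lines` and `audit` are hypothetical names chosen for this example.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 6
enable secret 5 <constructed-hash>
login block-for 120 attempts 10 within 30
line con 0
 exec-timeout 2 30
 password 7 <constructed>
 login
line aux 0
 login
line vty 0 4
 exec-timeout 0 0
 password 7 <constructed>
 login
"""

# Global commands from the notes that the audit expects to find.
GLOBAL_CHECKS = ["service password-encryption", "security passwords min-length",
                 "enable secret", "login block-for",
                 "login on-success log", "login on-failure log"]

def parse_lines(config):  # map each 'line ...' header to its sub-commands
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return findings for missing or weak settings (hypothetical helper)."""
    findings = [f"global: missing '{cmd}'" for cmd in GLOBAL_CHECKS
                if not re.search(rf"^{re.escape(cmd)}\b", config, re.M)]
    for header, cmds in parse_lines(config).items():
        if "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append(f"{header}: 'login' without a line password")
        timeout = next((c.split() for c in cmds if c.startswith("exec-timeout ")), None)
        if timeout is None:
            findings.append(f"{header}: exec-timeout not set explicitly")
        elif timeout[1:3] == ["0", "0"]:
            findings.append(f"{header}: exec-timeout 0 0 disables the idle timeout")
    return findings
```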
