Securing a network means nothing if you fail to secure the edge router, so here are a few tips on how to secure Cisco's CLI remote management.
First, restrict access by IP address. To do so, create an access list containing the IPs you might be connecting from and restrict access to the vty lines with that ACL.
Let's assume you'll need access only from 192.168.0.0/24:
Cisco# configure terminal
Cisco(config)# access-list 10 permit 192.168.0.0 0.0.0.255
Cisco(config)# line vty 0 4
Cisco(config-line)# access-class 10 in
That should make sure no one outside your network is able to access the router configuration. But what about inside your network? It is still possible to gain access to the router by running a number of attacks on it; to try and counter that, we can use login restrictions.
Block all access after 2 failed login attempts within 1 minute, for a period of 300 seconds (5 minutes):
Cisco(config)# login block-for 300 attempts 2 within 60
Delay 5 seconds between each login attempt:
Cisco(config)# login delay 5
And of course, log each attempt, both successful and failed:
Cisco(config)# login on-failure log
Cisco(config)# login on-success log
Another feature is to allow specific IPs to still get access even when the device is in "quiet mode" (the block is active):
Cisco(config)# access-list 20 permit 192.168.0.100
Cisco(config)# login quiet-mode access-class 20
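To check that a device actually carries all of the settings above, here is a small audit script for a saved running-config. It is an added example, not part of the original post; the sample configuration is constructed, and the script assumes numbered ACLs defined with `access-list` lines.

```python
import re

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 20 permit 192.168.0.100
login block-for 300 attempts 2 within 60
login delay 5
login on-failure log
login quiet-mode access-class 20
line vty 0 4
 access-class 10 in
line vty 5 15
 transport input ssh
"""

def audit(config):
    """Return a list of findings for the CLI-access settings covered in this post."""
    lines = config.splitlines()
    acls = {m.group(1) for l in lines if (m := re.match(r"access-list (\S+) ", l))}
    findings = []
    # Global login-protection commands.
    for name, pattern in [
        ("login block-for", r"login block-for \d+ attempts \d+ within \d+$"),
        ("login delay", r"login delay \d+$"),
        ("login on-failure log", r"login on-failure log"),
        ("login on-success log", r"login on-success log"),
    ]:
        if not any(re.match(pattern, l) for l in lines):
            findings.append(f"missing: {name}")
    # The quiet-mode exemption must point at an ACL that exists.
    for l in lines:
        if (m := re.match(r"login quiet-mode access-class (\S+)", l)) and m.group(1) not in acls:
            findings.append(f"quiet-mode references undefined ACL {m.group(1)}")
    # Every vty range needs an inbound access-class; on devices with more than
    # five vty lines, 'line vty 0 4' alone leaves the rest unrestricted.
    vty, has_acl = None, False
    for l in lines + ["end"]:
        if not l.startswith(" "):  # a new top-level command closes the vty block
            if vty and not has_acl:
                findings.append(f"{vty}: no inbound access-class")
            vty, has_acl = (l if l.startswith("line vty") else None), False
        elif vty and (m := re.match(r" access-class (\S+) in", l)):
            has_acl = True
            if m.group(1) not in acls:
                findings.append(f"{vty}: access-class references undefined ACL {m.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the constructed sample it reports the missing `login on-success log` and the unrestricted `line vty 5 15` range.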
thx guys
you are great
thanx!