routeprotocol.com

Security

  • Control Access to VTY Lines with Transport Input

    Protocols that can access the VTY lines can be restricted with the command transport input. All protocols can be permitted with the command transport input all, or individual protocols can be permitted by listing them:

        ! Permit telnet and SSH only
        transport input telnet ssh

  • Control Access to VTY Lines with ACL

    Access to VTY lines can be controlled with an access control list. To apply a standard or extended access control list to a VTY line, use the command access-class <ACL Number or Name> in, under configuration mode for that line, for an inbound access list, or access-class <ACL Number or Name> out for an outbound…

  • User Privilege Levels and Role-Based Access Control

    The Cisco IOS CLI has three privilege levels by default:

    Level 0: Level 0 provides the disable, enable, exit, help, and logout commands.

    Level 1: Level 1 is known as User EXEC mode. It is not possible to make configuration changes in this mode and the command configure terminal is not available.

    Level 15: Known…

  • Configuring Line Local Username and Password Authentication

    Two commands are required to enable username and password authentication on Cisco devices: the username command in global configuration mode and the command login local on the line configuration.

        username george secret bananas123
        line con 0
         login local

  • Line Local Authentication

    To enable password authentication on a line, the following two commands are required: password and login. To configure password authentication on the console, use the following commands:

        line con 0
         password P4ssw0rd!
         login

  • Username and Password Authentication

    User identification can be best carried out with not just a password, but a username and password. Username accounts can be used for several applications, including console, AUX and VTY lines. To start a username and password login system, the usernames need to be configured on the device in global configuration mode. ! Creates a…

  • Password Encryption

    service password-encryption will change any Type 0 passwords entered in the router configuration to Type 7 in an attempt to stop unauthorised users from being able to easily view the password. This includes any passwords entered earlier in configuration; they will be converted to Type 7 passwords when service password-encryption is entered. Password encryption is…

  • Enable Password and Enable Secret

    enable password stores the password in plain text (Type 0) in the Cisco device's configuration. service password-encryption will encrypt the plain text into a Type 7 password but this is still considered weak. enable secret will store the password in a Type 5 encryption and is considered more secure. If both enable password and enable secret…

  • Cisco Password Types

    There are five available types of password security in Cisco IOS:

    Type 0: Type 0 passwords are the most insecure as they are not encrypted and are visible in the device configuration in plaintext.

    Type 4: Type 4 is a password encryption that was discontinued from IOS 15.3 due to a flaw in its implementation; it should…

  • Terminal Lines Security

    Password protection to control or restrict access to the command line interface is important to protect from unauthorised access. There are three methods of accessing the command line interface of an IOS device:

    Console Port (CTY): On any Cisco device, the console port appears in configuration as line con 0 and in the output of…