ISR Overview and Providing Secure Administrative Access 87
Figure 3-2 Administrative Access to a Router
Telnet sends data in clear text. Therefore, if an attacker intercepted a series of Telnet
packets, he could read their contents, including usernames and passwords. For a more secure
connection, administrators should use Secure Shell (SSH) for access over a vty line, and
restrict the vty lines to SSH only so that Telnet is not accepted at all. Modern Cisco routers
also offer a graphical interface called Cisco Security Device Manager (SDM), which is
accessible over the network using HTTP or HTTPS; HTTP has the same clear-text weakness as
Telnet, so HTTPS should be used.
However, regardless of how an administrator chooses to access a router, the router typically
challenges the administrator to provide either a password or a username/password
combination before access is granted. As soon as an administrator is granted access to the
router, she might be in user mode, where she has a limited number of commands she can
issue. However, most router administration is performed from privileged mode. To access
privileged mode from user mode, the administrator enters the enable command. Typically,
the administrator then is prompted to enter another password, sometimes called the enable
password. This password should be configured with the enable secret command rather than
the older enable password command: enable secret stores a one-way hash of the password in the
configuration, whereas enable password stores it in clear text or in the reversible type 7
encoding. Interestingly, by default, a router has no password protection of any kind.
To protect a router from unauthorized access, a "strong" password should be selected. A
strong password is one that is difficult for an attacker to guess or compromise by launching
a dictionary attack or brute-force attack. A dictionary attack occurs when an attacker tries
passwords from a file containing commonly used passwords. A brute-force attack occurs when
an attacker tries all combinations of characters until a match is found.
Recommended Cisco guidelines for selecting a strong router password include the
following:
Select a password that is at least ten characters long. The security passwords min-length 10
global configuration mode command can be used to enforce this password length
recommendation; once it is set, the router rejects any new line, enable, or username
password shorter than the configured minimum.
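The checks described above (Telnet reachable on the vty lines, an enable password instead of an enable secret, lines that request no password, passwords shorter than ten characters, and no security passwords min-length) can be audited mechanically against a saved running-config. The script below is an added example written for this page, not code from the book or from Cisco; the two IOS configurations it contains are constructed samples, not taken from a real device, and the finding texts and severity labels are the example's own choices.

```python
"""Audit a Cisco IOS running-config for weak administrative-access settings.

Added example (not from the original text). Findings are returned as
(severity, message) tuples so the result can be checked programmatically.
"""
import re

MIN_LEN = 10  # minimum password length recommended in the text

# Constructed sample: a router with the weak settings the text warns about.
SAMPLE_CONFIG = """\
hostname R1
!
enable password cisco123
!
line con 0
line aux 0
 password aux
 login
line vty 0 4
 password letmein
 login
 transport input telnet ssh
!
end
"""

# Constructed sample: the same router hardened. Passwords are written in plain
# text here; IOS would store the enable secret as a hash in the real config.
HARDENED_CONFIG = """\
hostname R1
!
security passwords min-length 10
enable secret Str0ngEnable!Pw
!
line con 0
 password Cons0le.Acc3ss
 login
line aux 0
 password Aux!L1ne.Pass
 login
line vty 0 4
 password Vty.L1ne!Pass9
 login
 transport input ssh
!
end
"""


def parse_line_blocks(config):
    """Return {'line con 0': [commands], ...} for every 'line ...' section.

    Indented lines belong to the most recent 'line' command; any top-level
    command or '!' ends the current block.
    """
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def _is_encoded(pw):
    """True for 'password 7 <hex>' / 'enable secret 5 <hash>' style values."""
    return re.match(r"\d+ ", pw) is not None


def audit_config(config, min_len=MIN_LEN):
    """Return a list of (severity, message) findings; empty means no issues."""
    findings = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]

    # Privileged-mode password: enable secret is hashed, enable password is not.
    enable_pw = [l for l in top if l.startswith("enable password ")]
    enable_secret = [l for l in top if l.startswith("enable secret ")]
    if enable_pw and not enable_secret:
        findings.append(("HIGH", "privileged mode protected by 'enable password' "
                                 "(reversible); replace with 'enable secret'"))
    elif not enable_pw and not enable_secret:
        findings.append(("HIGH", "no enable secret configured"))
    for l in enable_pw:
        pw = l.split(" ", 2)[2]
        if not _is_encoded(pw) and len(pw) < min_len:
            findings.append(("MEDIUM", f"enable password is {len(pw)} chars (< {min_len})"))

    # Global minimum-length enforcement.
    m = re.search(r"^security passwords min-length (\d+)$", config, re.M)
    if m is None:
        findings.append(("MEDIUM", "'security passwords min-length' not configured"))
    elif int(m.group(1)) < min_len:
        findings.append(("MEDIUM", f"min-length is {m.group(1)}; recommendation is {min_len}"))

    # Per-line checks for console, aux and vty.
    for name, cmds in parse_line_blocks(config).items():
        login_cmds = [c for c in cmds if c == "login" or c.startswith("login ")]
        pw_cmds = [c for c in cmds if c.startswith("password ")]
        if not login_cmds:
            findings.append(("HIGH", f"{name}: no 'login' - no password is requested"))
        elif login_cmds == ["login"] and not pw_cmds:
            findings.append(("HIGH", f"{name}: 'login' set but no line password; logins refused"))
        for c in pw_cmds:
            pw = c.split(" ", 1)[1]
            if not _is_encoded(pw) and len(pw) < min_len:
                findings.append(("MEDIUM", f"{name}: line password is {len(pw)} chars (< {min_len})"))
        if name.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input")), None)
            if transport is None or re.search(r"\b(telnet|all)\b", transport):
                findings.append(("HIGH", f"{name}: Telnet permitted "
                                         f"({transport or 'no transport input set'}); "
                                         "use 'transport input ssh'"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} config ==")
        for sev, msg in audit_config(cfg) or [("OK", "no findings")]:
            print(f"[{sev}] {msg}")
```

Run against the weak sample it reports seven findings (three HIGH, four MEDIUM); against the hardened sample it reports none. The parser is deliberately simple: it only understands the `line` sections and top-level commands the text discusses, so a real audit would extend it with `username ... secret`, `login local`, and AAA settings.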
[Figure 3-2 labels: Con line reached over a serial connection from a PC with terminal emulation software; Vty line reached over a Telnet connection from a PC with terminal emulation software; Aux line reached over a serial connection to a modem, dialled through the PSTN.]