RE: Securing Access to Cisco Routers

From: Jason Burzenski (jason.burzenski@gsxxi.com)
Date: 01/14/02 

From: "Jason Burzenski" <jason.burzenski@gsxxi.com>
To: <leds@darkwater.net>, <security-basics@securityfocus.com>
Date: Mon, 14 Jan 2002 08:46:09 -0800

Led,

Here are some links that you might find useful:

http://nsa1.www.conxion.com/cisco/download.htm
http://www.attrition.org/~modify/texts/phrack/Phrack55/P55-10

Regards,

Jason

-----Original Message-----
From: leon [mailto:leon@inyc.com]
Sent: Thursday, January 10, 2002 7:02 AM
To: leds@darkwater.net; security-basics@securityfocus.com
Subject: RE: Securing Access to Cisco Routers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SSH is available on the higher end IOS. I have the enterprise yadda
yadda yadda running on mine at home and it has SSH. And telnet is
not so super bad if you know how to secure it. Please no flames on
that comment. Telnet can be used if a person has other layers of
security (using a switched network, strong user names and passwords,
proactively monitoring for sniffing).

Probably proactively monitoring for sniffing is the biggest since the
data is in plain text. Use weak passwords with SSH and your router
can be hacked just as easily as with telnet (excluding acls and
things of that nature).

Cheers,

Leon

- -----Original Message-----
From: Led Slinger [mailto:leds@darkwater.net]
Sent: Monday, January 07, 2002 11:23 AM
To: security-basics@securityfocus.com
Subject: Securing Access to Cisco Routers

I have been tasked with finding a solution to replace telnet for
router
access to a large group of Cisco Routers. Is SSH available for Cisco
Routers or does anyone have a preferred solution for doing away with
the vulnerability associated with telnet and core infrastructure
components?

Leds....

- --
There's nothing wrong with Windows until you install it........

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPD2s7tqAgf0xoaEuEQIj+wCg/NXWU7AEVdvfCrxh7wLGeOx/jYQAoOPr
lVYPzkKWqV8Guksp8frwmbgq
=fAyx
-----END PGP SIGNATURE-----

Relevant Pages

  • Re: Running commands on cisco routers using python
    ... I have to run command "show access-list" on few hundred cisco routers and get the dump into a file. ... Can you access the routers with telnet or do you need to use ssh? ... It is telnet, though. ... under the same wrapper so that higher level code could work unchanged. ...
    (comp.lang.python)
  • RE: Securing Access to Cisco Routers
    ... Securing Access to Cisco Routers ... I have been tasked with finding a solution to replace telnet for router ... Routers or does anyone have a preferred solution for doing away with ...
    (Security-Basics)
  • RE: Securing Access to Cisco Routers
    ... New versions of Cisco IOS will do SSH. ... That's still got to be better then telnet though. ... Securing Access to Cisco Routers ...
    (Security-Basics)
  • Re: Securing Access to Cisco Routers
    ... > I have been tasked with finding a solution to replace telnet for router ... > access to a large group of Cisco Routers. ... Is SSH available for Cisco ...
    (Security-Basics)
  • Re: Securing Access to Cisco Routers
    ... > I have been tasked with finding a solution to replace telnet for router ... > access to a large group of Cisco Routers. ... Is SSH available for Cisco ... the newer Cisco routers have support for SSH built in. ...
    (Security-Basics)