RE: Desktop Support Access

From: Wilcox, Stephen (StephenWilcox_at_universalcomputersys.com)
Date: 10/20/03

    Date: Mon, 20 Oct 2003 10:24:07 -0500
    To: "Halverson, Chris" <chris.halverson@encana.com>, "David Nichols" <dnichols@amci.com>, "Thomas Graf" <tgraf@swmail.sw.org>, <security-basics@securityfocus.com>
    
    

    There are 16 levels, 0 - 15, where 15 is full control in the Cisco IOS.

    Most people only use the defaults

    Cisco also has software called TACACS and its predecessors TACACS+ then ACS. This software allows someone to control a user's access rights and restrict what commands a user can execute while in the router. For example: you might want someone to make changes in routers but you want someone else to look over the changes before saving the configuration. So you would not allow the 1st user the privilege to WR ME or COP RUN STAR.

    Here is a good Link:

    http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

    It also captures the commands a user types while in the router and how long the user was in.

    -----Original Message-----
    From: Halverson, Chris [mailto:chris.halverson@encana.com]
    Sent: Friday, October 17, 2003 3:40 PM
    To: 'David Nichols'; Thomas Graf; security-basics@securityfocus.com
    Subject: RE: Desktop Support Access

    You are correct, the two levels are the User Exec and Privileged Exec.
    To enable and disable ports would require access to the interface
    configuration, which is accessible only from the privileged mode.

    Shut, no shut commands...

    If you have a smartnet account you might want to inquire at Cisco for some
    sort of web tools to do something like that...
    I don't recall seeing something like that though.

    Hmmmm good idea about the development for that though...

    Chris

    -----Original Message-----
    From: David Nichols [mailto:dnichols@amci.com]
    Sent: Friday, October 17, 2003 11:44AM
    To: Thomas Graf; security-basics@securityfocus.com
    Subject: Re: Desktop Support Access

    Hey Thomas (& the rest of the list)-

    Correct me if I'm wrong, (please!, I've gone through a CCNA course but
    haven't taken the test yet!) but I think the IOS only has two levels of
    access, one to basically monitor and the other to admin the router. If this
    is the case, I think you're out of luck. Does anyone know of any software
    (simulator-like) that will only allow certain commands to be passed on to
    the router? If not, I'M CALLING THE PATENT OFFICE RIGHT NOW!! (just
    kidding) ; )

    David Nichols
    A+, Network+

    ----- Original Message (edited) -----
    From: "Thomas Graf" <tgraf@swmail.sw.org>
    To: <security-basics@securityfocus.com>
    Sent: Friday, October 17, 2003 10:22 AM
    Subject: Desktop Support Access

    > ... The desktop support is requesting access to (Cisco) routers and
    > switches to enable/disable ports. (...) I know that they are going to
    > get it and it is a big risk, but is there any way to limit their access
    > to just enabling/disabling ports?
    >
    > Thanks for all the help.
    >
    > Thomas Graf
    > HW/SW Technician
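
Added example, not part of any message in this thread: an IOS configuration sketch of the two approaches discussed above, a custom privilege level that can only toggle ports, and TACACS+ per-command authorization with accounting. Level 7, the user name deskport, the server address 192.0.2.10 and the <...> placeholders are assumptions chosen for illustration.

```text
! Constructed example. Level 7, user "deskport", the server address
! and the <...> placeholders are assumptions, not values from the thread.

! --- Option A: local privilege levels only ---------------------------
! Move just the commands needed to toggle a port down to level 7.
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
privilege interface level 7 no shutdown
!
username deskport privilege 7 secret <DESKPORT-SECRET>
!
line vty 0 4
 login local
!
! "write memory" and "copy running-config startup-config" stay at
! level 15, so a level-7 change is not saved until an admin reviews it.
! Caveat: level 7 can now shut ANY interface, uplinks included.
! Privilege levels filter by command, not by interface argument.

! --- Option B: TACACS+ per-command authorization and accounting ------
! With aaa new-model, logins follow the AAA method lists below
! instead of the line-level "login local" used in Option A.
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <TACACS-KEY>
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Ask the server before running each level-7 and level-15 command,
! including commands typed in configuration mode.
aaa authorization commands 7 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
! Record every command and each session's start/stop time.
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting exec default start-stop group tacacs+
```

With Option B the permit/deny decision is made on the TACACS+ server, which receives the command together with its arguments, so the server policy is where access can be narrowed to specific interfaces.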
