RE: Desktop Support Access

From: Tucker, Jason (JTucker_at_libertymgt.com)
Date: 10/20/03

    To: "'Halverson, Chris'" <chris.halverson@encana.com>, 'David Nichols' <dnichols@amci.com>, Thomas Graf <tgraf@swmail.sw.org>, security-basics@securityfocus.com
    Date: Mon, 20 Oct 2003 13:51:04 -0400
    
    

    Actually, as I understand it, the Cisco IOS actually has 16 different
    privilege levels. Level 1 is the default user EXEC privilege, while level
    15 allows for complete access to the device.

    You use the "privilege" command to explicitly assign what commands are
    available under each level, then set a password for that level using the
    command "enable secret level xx"

    Never have had to do this kind of stuff for myself, but I'm sure you can
    find more info about it on the web somewhere.

    -----Original Message-----
    From: Halverson, Chris [mailto:chris.halverson@encana.com]
    Sent: Friday, October 17, 2003 4:40 PM
    To: 'David Nichols'; Thomas Graf; security-basics@securityfocus.com
    Subject: RE: Desktop Support Access

    You are correct, the two levels are the User Exec and Privileged Exec.
    To enable and disable ports would require access to the interface
    configuration, which is accessible only from the privileged mode.

    Shut, no shut commands...

    If you have a smartnet account you might want to inquire at Cisco for some
    sort of web tools to do something like that...
    I don't recall seeing something like that though.

    Hmmmm good idea about the development for that though...

    Chris

    -----Original Message-----
    From: David Nichols [mailto:dnichols@amci.com]
    Sent: Friday, October 17, 2003 11:44AM
    To: Thomas Graf; security-basics@securityfocus.com
    Subject: Re: Desktop Support Access

    Hey Thomas (& the rest of the list)-

    Correct me if I'm wrong, (please!, I've gone through a CCNA course but
    haven't taken the test yet!) but I think the IOS only has two levels of
    access, one to basically monitor and the other to admin the router. If this
    is the case, I think you're out of luck. Does any one know of any software
    (simulator-like) that will only allow certain commands to be passed on to
    the router? If not, I'M CALLING THE PATENT OFFICE RIGHT NOW!! (just
    kidding) ; )

    David Nichols
    A+, Network+

    ----- Original Message (edited) -----
    From: "Thomas Graf" <tgraf@swmail.sw.org>
    To: <security-basics@securityfocus.com>
    Sent: Friday, October 17, 2003 10:22 AM
    Subject: Desktop Support Access

    > ... The desktop support is requesting access to (Cisco) routers and
    > switches to enable/disable ports. (...) I know that they are going to get
    > it and it is a big risk, but is there any way to limit their access to
    > just enabling/disabling ports?
    >
    > Thanks for all the help.
    >
    > Thomas Graf
    > HW/SW Technician
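
The per-level command assignment discussed in this thread can be reviewed offline before it is deployed. The following is an added example, not written by any poster in the thread: it parses `privilege` lines from a constructed IOS config excerpt and lists the reassigned commands reachable at a delegated level that fall outside an allowlist. The config excerpt, level 5, the `deskhelp` username and the allowlist are all assumptions.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt (not from the thread): level 5 is meant
# for desktop support and should only be able to toggle ports.
SAMPLE_CONFIG = """\
username deskhelp privilege 5 secret <secret-placeholder>
enable secret level 5 <secret-placeholder>
privilege exec level 5 configure terminal
privilege configure level 5 interface
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
privilege exec level 5 show running-config
privilege configure level 3 snmp-server community
"""

# Assumed policy: the only (mode, command) pairs desktop support may hold.
ALLOWED = {
    ("exec", "configure terminal"),
    ("configure", "interface"),
    ("interface", "shutdown"),
    ("interface", "no shutdown"),
}

# privilege <mode> [all] level <0-15> <command string>
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+?)\s*$")

def parse_privileges(config):
    """Map each level to the (mode, command) pairs explicitly moved to it."""
    levels = defaultdict(set)
    for line in config.splitlines():
        m = PRIV_RE.match(line.strip())
        if m and 0 <= int(m.group(2)) <= 15:
            levels[int(m.group(2))].add((m.group(1), m.group(3)))
    return levels

def audit_level(config, level, allowed=ALLOWED):
    """Return reassigned commands reachable at `level` that policy disallows.

    A level can also run commands assigned to lower levels, so those count.
    """
    reachable = set()
    for lvl, cmds in parse_privileges(config).items():
        if lvl <= level:
            reachable |= cmds
    return sorted(reachable - allowed)

if __name__ == "__main__":
    for mode, command in audit_level(SAMPLE_CONFIG, 5):
        print(f"level 5 can also run [{mode}] {command}")
```

The audit covers only commands explicitly reassigned with `privilege`; commands available by default at level 1 and below are not listed.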
