Chapter 15. Router Security
Before deploying a router, you should secure it: that is, you should do everything you can to prevent the router from being misused, either by people within your own organization or by intruders from the outside. This chapter describes the first simple steps you can take toward router security ; however, it’s not a complete discussion by any means. I don’t do anything more than point you in the right direction. For more security review and hints, you might want to look at some O’Reilly titles, especially Hardening Cisco Routers by Thomas Akin and Cisco Cookbook by Kevin Dooley and Ian J. Brown.
Securing Enable Mode Access
One of the basic security items you need to protect is access to the enable mode, which allows a user access to the router’s configuration and boot information. You want to protect this mode as much as possible and give access only to people who really need it and who know what they are doing. For this section, we’ll look at setting the enable password
, the enable secret
command (which provides additional security), and enable privilege levels.
Setting the Enable Password
The enable password grants the user access to your complete router configuration. It’s much like the superuser or root password on a Unix system or like the Administrator password on Windows. It must be guarded carefully. In Chapter 3, I showed how to set the enable password:
Router(config)#enable password mypassword
The problem with setting the password this way is ...
Get Cisco IOS in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.