Example 19-4 Basic Router Security–Cisco Build a Small Cisco Network


R1(config)# enable secret class
R1(config)#
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)#
R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)#
R1(config)# service password-encryption
R1(config)#

The legal notification warns users that the device should be accessed only by permitted users. Legal notification can be configured as shown in Example 19-5.


Example 19-5 Banner Configuration

R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
********************************
***************  WARNING: Unauthorized access is prohibited! *******************
****************************
#
R1(config)#

If the router were configured with the preceding commands and then accidentally lost power, the router configuration would be lost. For this reason, it is important to save the configuration when changes are implemented. Example 19-6 shows how to save the configuration to NVRAM.


Example 19-6 Saving the Configuration

R1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
R1#

Syntax Checker—Configure Initial Router Settings (19.2.3)

Use this Syntax Checker to practice configuring the initial settings on a router.

  • Configure the device name.
  • Secure the privileged EXEC mode.
  • Secure and enable remote SSH and Telnet access.
  • Secure all plaintext passwords.
  • Provide legal notification.

Refer to the online course to complete this activity.

Packet Tracer—Configure Initial Router Settings (19.2.4)

In this activity, you will perform basic router configurations. You will secure access to the CLI and console port using encrypted and plaintext passwords. You also will configure messages for users logging in to the router. These banners also warn unauthorized users that access is prohibited. Finally, you will verify and save your running configuration.

Secure the Devices (19.3)

A device should always be properly secured before it is put into a production network.

Password Recommendations (19.3.1)

To protect network devices, you need to use strong passwords. Here are standard guidelines to follow:

  • Use a password length of at least 8 characters, preferably 10 or more characters. A longer password is a more secure password.
  • Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed.
  • Never use passwords based on repetition; common dictionary words; letter or number sequences; usernames; relative or pet names; or biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information.
  • Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
  • Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited.
  • Do not write down passwords or leave them in obvious places such as on a desk or monitor.

Tables 19-1 and 19-2 show examples of weak and strong passwords.

  

Table 19-1 Weak Password Examples

| Weak Password | Why It Is Weak |
|---|---|
| secret | Simple dictionary password |
| smith | Maiden name of mother |
| toyota | Make of a car |
| bob1967 | Name and birthday of the user |
| Blueleaf23 | Simple words and numbers |

  

Table 19-2 Strong Password Examples

| Strong Password | Why It Is Strong |
|---|---|
| b67n42d39c | Combines alphanumeric characters |
| 12^h u4@1p7 | Combines alphanumeric characters, symbols, and a space |

On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not. Therefore, one method to create a strong password is to use the space bar and create a phrase made of many words. This is called a passphrase. A passphrase is often easier to remember than a simple password. It is also longer and harder to guess.
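The baseline items from Example 19-4 and Example 19-5 and the length guideline above can be checked mechanically before a configuration is applied. The following Python sketch is an added example, not part of the original text: the names `audit`, `too_short`, `SAMPLE` and `MIN_LEN` are hypothetical, the input is a constructed file of the commands as typed, and the Telnet finding is an extra check included because Telnet carries the password across the network unencrypted.

```python
import re

MIN_LEN = 8  # minimum length from the password guidelines in this section
# Constructed sample: the commands of Examples 19-4 and 19-5 as a candidate config file.
SAMPLE = """\
enable secret class
service password-encryption
banner motd #WARNING: Unauthorized access is prohibited!#
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input ssh telnet
"""

def too_short(arg: str) -> bool:
    """True for a cleartext password under MIN_LEN; hashed/encoded forms are skipped."""
    if re.match(r"[1-9]\d* \S", arg):  # e.g. 'password 7 <encoded>' in a saved config
        return False
    return len(arg.removeprefix("0 ")) < MIN_LEN  # embedded spaces count toward length

def audit(config: str) -> list[str]:
    """Return findings for the baseline items this section configures."""
    findings, top, body, section = [], [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and section:  # indented sub-command of a 'line' block
            body[section].append(raw.strip())
            continue
        line = raw.strip()
        top.append(line)
        section = line if line.startswith("line ") else None
        if section:
            body[section] = []
    for needed in ("enable secret ", "service password-encryption", "banner motd "):
        if not any(t.startswith(needed) for t in top):
            findings.append(f"missing: {needed.strip()}")
    for t in top:
        if t.startswith("enable secret ") and too_short(t[len("enable secret "):]):
            findings.append(f"enable secret: shorter than {MIN_LEN} characters")
    for name, cmds in body.items():
        pw = [c[len("password "):] for c in cmds if c.startswith("password ")]
        if not pw or "login" not in cmds:
            findings.append(f"{name}: password and login not both set")
        elif too_short(pw[0]):
            findings.append(f"{name}: password shorter than {MIN_LEN} characters")
        if any(c.startswith("transport input") and "telnet" in c.split() for c in cmds):
            findings.append(f"{name}: Telnet allowed (sends the password unencrypted)")
    return findings
```

Run against `SAMPLE`, `audit` reports the short `class` and `cisco` passwords and the Telnet transport on the vty lines; a configuration that uses a passphrase and `transport input ssh` returns no findings.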
