Menu

Cisco Login Security

Securing a network means nothing when failing to secure the edge router, so here is a few tips on how to secure Cisco's CLI remote management,
first restrict access by IP address, to do so create an access-list containing the IP's you might be connecting from and add restrict the access to that ACL,
let's assume you'll need access only from 192.168.0.0/24
Cisco# access-list 10 permit 192.168.0.0 0.0.0.255
Cisco# line vty 0 4
Cisco# access-class 10 in
that should make sure no one outside your network is able to access the router configurations, but what about inside your network ? it is still possible to gain access to the router by running a number of attacks on the router, to try and counter it we can use log in restrictions.
Block all access after 2 failed login attempts within 1 Minute for the period of 300Secounds (5 Minutes)
Cisco# login block-for 300 attempts 2 within 60
Delay 5 Seconds between each login attempt  
Cisco# login delay 5
And offcource log each attempt, both successful and failed.
Cisco# login on-failure log
Cisco# login on-success log
Another feature is to allow specific IP's the possibility to access even if the device is in "quite mode" (block is active)
Cisco# access-list 20 permit 192.168.0.100
Cisco# login quiet-mode access-class 20


Hope this post was helpful, If it was please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR

12 comments:

  1. thx guys
    you are grate

    ReplyDelete
    Replies
    1. Great Article
      Cyber Security Projects

      projects for cse

      Networking Security Projects

      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

      Delete
  2. Nice post! This is a very nice blog that I will definitively come back to more times this year! Thanks for informative post. security company

    ReplyDelete
  3. Your music is amazing. You have some very talented artists. I wish you the best of success. security company

    ReplyDelete
  4. This is such a great resource that you are providing and you give it away for free. security guards

    ReplyDelete
  5. I adore your websites way of raising the awareness on your readers. security guard training

    ReplyDelete
  6. Thank you because you have been willing to share information with us. we will always appreciate all you have done here because I know you are very concerned with our. https://sites.google.com/site/hotmailloginonline/

    ReplyDelete
  7. There are security industry exchange distributions, different affiliations, and other important assets that you can get some answers concerning by exploring on the web or visit your open Library. Your neighborhood office of trade is additionally a decent spot to begin. mall security guard

    ReplyDelete
  8. Great job for publishing such a beneficial web site. Your web log isn’t only useful but it is additionally really creative too. 먹튀폴리스

    ReplyDelete
  9. Whenever I have some free time, I visit blogs to get some useful info. Today, I found your blog with the help of Google. Believe me; I found it one of the most informative blog. hotmail entrar

    ReplyDelete
  10. Really I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. hotmail email

    ReplyDelete