Menu

Cisco Login Security

Securing a network means nothing when failing to secure the edge router, so here is a few tips on how to secure Cisco's CLI remote management,
first restrict access by IP address, to do so create an access-list containing the IP's you might be connecting from and add restrict the access to that ACL,
let's assume you'll need access only from 192.168.0.0/24
Cisco# access-list 10 permit 192.168.0.0 0.0.0.255
Cisco# line vty 0 4
Cisco# access-class 10 in
that should make sure no one outside your network is able to access the router configurations, but what about inside your network ? it is still possible to gain access to the router by running a number of attacks on the router, to try and counter it we can use log in restrictions.
Block all access after 2 failed login attempts within 1 Minute for the period of 300Secounds (5 Minutes)
Cisco# login block-for 300 attempts 2 within 60
Delay 5 Seconds between each login attempt  
Cisco# login delay 5
And offcource log each attempt, both successful and failed.
Cisco# login on-failure log
Cisco# login on-success log
Another feature is to allow specific IP's the possibility to access even if the device is in "quite mode" (block is active)
Cisco# access-list 20 permit 192.168.0.100
Cisco# login quiet-mode access-class 20


Hope this post was helpful, If it was please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR

9 comments:

  1. thx guys
    you are grate

    ReplyDelete
  2. Nice post! This is a very nice blog that I will definitively come back to more times this year! Thanks for informative post. security company

    ReplyDelete
  3. Your music is amazing. You have some very talented artists. I wish you the best of success. security company

    ReplyDelete
  4. This is such a great resource that you are providing and you give it away for free. security guards

    ReplyDelete
  5. I adore your websites way of raising the awareness on your readers. security guard training

    ReplyDelete
  6. Thank you because you have been willing to share information with us. we will always appreciate all you have done here because I know you are very concerned with our. https://sites.google.com/site/hotmailloginonline/

    ReplyDelete
  7. There are security industry exchange distributions, different affiliations, and other important assets that you can get some answers concerning by exploring on the web or visit your open Library. Your neighborhood office of trade is additionally a decent spot to begin. mall security guard

    ReplyDelete
  8. Great job for publishing such a beneficial web site. Your web log isn’t only useful but it is additionally really creative too. 먹튀폴리스

    ReplyDelete