Topic List |
Page List:
1 |
---|---|
Rika_Furude 08/21/17 8:49:03 AM #1: |
Just a very basic question regarding security
I know you should be using "enable secret" to configure a hashed password to protect the enable mode on the device but can you set a secret (as opposed to password) for the console and telnet ports? i know you probably shouldn't be using telnet at all but it could show up on the exam and you can fail a security audit if the console port is wide open atm i know about setting a password and enabling the encryption service but thats super weak. is there a way to hash these passwords instead? --- ... Copied to Clipboard!
|
Trumpo 08/21/17 8:52:14 AM #2: |
... Copied to Clipboard!
|
CableZL 08/21/17 8:58:04 AM #3: |
I can verify when I get to work today, but I believe you can only set a password and rely on the encryption service on the console and vty lines.
The best option for secure access everywhere is to use AAA. That way you can have the appropriate users use their company login credentials and set appropriate password strength requirements globally. Or you could use the "login local" command on the console and vty lines. Then you'd just be relying on the user database you have built into the local device and the secret passwords you applied to them. --- ... Copied to Clipboard!
|
Rika_Furude 08/21/17 9:17:12 AM #4: |
Thanks cable, didnt think of using login local for those. For some reason i thought it was an ssh only thing
I havnt learned about AAA yet but i assume its coming at some point --- Posted with GameRaven 3.2.2 ... Copied to Clipboard!
|
CableZL 08/21/17 9:18:43 AM #5: |
The security track is what covers AAA in detail.
--- ... Copied to Clipboard!
|
Rika_Furude 08/21/17 9:19:19 AM #6: |
Oh
Probably wont be coveree much or at all in CCENT then --- Posted with GameRaven 3.2.2 ... Copied to Clipboard!
|
CableZL 08/21/17 10:22:55 AM #7: |
Rika_Furude posted...
Oh Nah, at most you may learn how to enable AAA on a basic level with the aaa new-model command. They've had newer versions of the exams since I took my CCENT/CCNA exams, so I'm not sure what it'll cover in that regard. --- ... Copied to Clipboard!
|
Topic List |
Page List:
1 |