Current Events > Anyone here good with Cisco switches/routers/have a CCNA/CCENT/CCNP/w/ev?

Rika_Furude
08/21/17 8:49:03 AM
#1:


Just a very basic question regarding security

I know you should be using "enable secret" to configure a hashed password to protect the enable mode on the device

but can you set a secret (as opposed to password) for the console and telnet ports?
I know you probably shouldn't be using telnet at all but it could show up on the exam
and you can fail a security audit if the console port is wide open

atm I know about setting a password and enabling the encryption service but that's super weak. Is there a way to hash these passwords instead?
---
Trumpo
08/21/17 8:52:14 AM
#2:


CableZL
08/21/17 8:58:04 AM
#3:


I can verify when I get to work today, but I believe you can only set a password and rely on the encryption service on the console and vty lines.

The best option for secure access everywhere is to use AAA. That way you can have the appropriate users use their company login credentials and set appropriate password strength requirements globally.

Or you could use the "login local" command on the console and vty lines. Then you'd just be relying on the user database you have built into the local device and the secret passwords you applied to them.
---
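
An added example, not part of the thread or any Cisco tooling: a small audit check for the options discussed above, flagging console/vty lines that rely on a line password or no login at all, and local users created with `password` rather than `secret`. The sample config is constructed, its hash strings are placeholders, and the function name `audit_line_auth` is hypothetical.

```python
import re

# Constructed sample running-config (not from the thread). Hash strings are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 <placeholder-hash>
username admin secret 5 <placeholder-hash>
username backup password 7 <placeholder-type7>
!
line con 0
 password 7 <placeholder-type7>
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 no login
 transport input telnet ssh
!
end
"""

def audit_line_auth(config):
    """Return (where, issue) tuples for weak console/vty authentication."""
    findings = []
    # Local users only get a hashed credential when created with 'secret'.
    for m in re.finditer(r"^username (\S+) password\b", config, re.M):
        findings.append(("username " + m.group(1), "password instead of secret"))
    # Collect the indented sub-commands under each 'line ...' block.
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        if "no login" in cmds:
            findings.append((name, "no authentication"))
        elif "login" in cmds:  # bare 'login' checks the line password
            findings.append((name, "line password, not login local"))
        elif not any(c.startswith("login ") for c in cmds):
            findings.append((name, "no login method configured"))
        for c in cmds:
            if c.startswith("transport input") and {"telnet", "all"} & set(c.split()):
                findings.append((name, "telnet allowed"))
    return findings
```

Run against the sample, only `line vty 0 4` (using `login local` with SSH-only transport) passes without a finding.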
Rika_Furude
08/21/17 9:17:12 AM
#4:


Thanks cable, didn't think of using login local for those. For some reason I thought it was an ssh only thing

I haven't learned about AAA yet but I assume it's coming at some point
---
Posted with GameRaven 3.2.2
CableZL
08/21/17 9:18:43 AM
#5:


Rika_Furude
08/21/17 9:19:19 AM
#6:


Oh

Probably won't be covered much or at all in CCENT then
---
Posted with GameRaven 3.2.2
CableZL
08/21/17 10:22:55 AM
#7:


Rika_Furude posted...
Oh

Probably won't be covered much or at all in CCENT then


Nah, at most you may learn how to enable AAA on a basic level with the aaa new-model command. They've had newer versions of the exams since I took my CCENT/CCNA exams, so I'm not sure what it'll cover in that regard.
---