Archives

  • Controlling Outbound Telnet Connections from the IOS CLI

    Just about everyone who has ever touched a Cisco IOS router knows that you can secure VTY access to the router by creating an access list and applying it to all VTY lines with the access-class in command. This would lead one to think that the access-class out command would prevent a user from connecting […]

    Aug 22nd, 2011 • Filed under IOS, Management Plane Protection
  • Enabling Cisco IOS Login Enhancements

    Let's face facts: any feature that helps protect your network devices from brute force login attacks has to be worth implementing. Cisco introduced Login Enhancements with IOS 12.3(4)T. Here are a few examples of what you can do with these features. The following command will block further login attempts after 5 failed login attempts within […]

    Sep 22nd, 2010 • Filed under IOS, Management, Management Plane Protection, Security
  • Securing Router Management

    One of the easiest and best things you can do to secure a Cisco IOS router is to exclusively enable SSH, thus preventing sniffing of the management traffic. In this day and age there is really no reason to use Telnet or any other plain text protocol for sensitive data. First the router will need […]

    Sep 14th, 2010 • Filed under IOS, Management Plane Protection
  • Securing the Management Plane

    To increase the security of our IOS devices, we can designate one or more interfaces for management traffic only, for example by allowing management traffic only on an internal interface. Implementing this feature would greatly reduce our attack surface. Using this feature along with other security features, such as VTY access-class and Login Enhancements, helps enforce defense in depth. […]

    Sep 4th, 2010 • Filed under IOS, Management Plane Protection, Security
Archive for the ‘Management Plane Protection’ Category