Showing posts from May, 2012

Router Security - Best Practices

First you should define some RULES for the password definitions. For example - Minimal Password Lenght:
(config)#security passwords min-length 7

Permit users to have to wait for 1 minute if they attempt to log in for 3 times, and LOG it:
(config)#login block-for 60 attempts 3 within 60 <- ALLOW 3 ATTEMPTS WITHIN 1 MINUTE
(config)#security authentication failure rate 3 log <- LOG FAILED ATTEMPTS

To set up a PRIVILEGE mode password, that used an MD5 hashing:
(config)#enable secret level 15 0 Cisco07
*TIP: If your password contains "?", you need to press "ESC+Q" before you enter the "?" sign.

To define the USERNAME and assign it a MD5 Hash Password:
(config)#username cisqueros secret 0 Cisco07
(config)#do sh run | i username
username cisqueros secret 5 $1$YyRE$V60bOcwZ7ZK0LMusIVnhs/

No Service Password-Recovery feature is a security enhancement to prevent anyone with console access from accessing the router configuration and clearing the password. If you want…