Category Archives: Configuring Basic Cisco Device Security

Logging to a Syslog Server Cisco

Real World Application: In production networks, routers moan and groan every minute, theoretically speaking: interfaces going up and down, ACL hit counts incrementing, configuration changes and so on. From an administrative standpoint one needs to track all the messages that the devices generate; these are known as system log messages. Of course one would never log each device to… Read More »

IOS Web Server Authentication Cisco

Real World Application: Configuring Cisco IOS Web Server (HTTP and HTTPS) authentication is a common configuration used in production networks to authenticate unique users on devices that use self-hosted management web interfaces, such as Cisco routers running the Cisco Security Device Manager (SDM) web interface or the Cisco Catalyst switches that host the Web Based Device Management interface.… Read More »

Configuring EXEC and Absolute Timeouts Cisco

Real World Application: It is common to have a session time in a corporate security policy. Put simply, the exec-timeout will terminate an exec session after the session has been idle for the configured exec-timeout time. The default is 10 minutes. An absolute timeout, however, is the maximum amount of time a… Read More »

Configuring Password Encryption Service Cisco

Real World Application: Level 7 encryption on a Cisco device is considered extremely weak by today’s cryptographic standards. There are many websites that offer a decryption applet that lets you copy and paste a service password encrypted hash and decrypts the hash to clear text for you. An example website being this website here. This lab you… Read More »

Configuring VTY Lines ACL Cisco

Real World Application: In production networks it’s a common security policy to control remote administration of network devices using an access control list that allows only particular administrative subnets and/or hosts on the network to establish a remote exec session to the device for management. This lab will teach you how to configure an ACL to control… Read More »

Configuring Named ACL’s Cisco

Real World Application: Numbered access lists have a major downfall, which is the inability to edit specific lines in the access list. Unfortunately the only way to do that is to edit the lines in a text editor and completely remove and re-add the ACL. Numbered access lists can still be found in networks all around the world but engineers… Read More »

Configuring Numbered Access Control Lists Cisco

Real World Application: Access Control Lists are the basis of all network security. ACLs control the flow of traffic through a device and can prevent unwanted traffic from a particular source to a specific destination. This lab will discuss and demonstrate numbered access lists, which are not very common due to the advantages of the newer named access lists. The biggest… Read More »

Configuring SSH Access Cisco

Real World Application: Telnet just does not cut the cheese anymore when it comes to production network remote administration security. As you may be aware, telnet does not encrypt the encapsulated payload, so anyone on the wire can sniff the traffic and reconstruct the telnet communications, which opens a major vulnerability that passwords can… Read More »

AAA Authentication via TACACS+ Cisco

Real World Application: No network engineer wants to spend countless hours maintaining local user accounts on hundreds of Cisco devices. This issue was foreseen many, many years ago and resolved with AAA. With AAA you can configure the Cisco device, whether it be a router or switch, to authenticate to a centralized user authentication database. Cisco… Read More »

Configuring AAA Authentication Lists Cisco

Real World Application and Core Knowledge: It’s quite simple: companies with several Cisco devices commonly use RADIUS or TACACS+ for user authentication and authorization. Local authentication is also used, but only as a backup method when communication to the AAA server fails. AAA servers, whether they be TACACS+ (pronounced “tack axe plus”) or RADIUS, provide a centralized management… Read More »

Configuring Local User Authentication Cisco

Real World Application: Commonly with Cisco devices, multiple users will be accessing and configuring the device, which requires different user credentials for individuals with the different levels of access needed to perform different management duties relating to the Cisco device. This lab will discuss and demonstrate the configuration requirements for setting up local user accounts. Lab Prerequisites: If you… Read More »

Basic Password Authentication Cisco

Real World Application: Security is of the utmost importance in a production network, especially an internet-facing production network. Having an insecure Cisco router and/or switch exposes your network to a virtually unlimited number of risks. This lab will teach you the basics of password authentication in the Cisco IOS software to secure your Cisco router and/or switch.… Read More »