Securing the Switch CLI

The first step to securing a switch is to secure access to the CLI. Securing the CLI includes protecting access to enable mode, because from enable mode, an attacker could reload the switch or change the configuration. At the same time, protecting user mode is also important, because attackers can see the status of the switch, learn about the network, and find new ways to attack the network.

For example, consider a user who accesses a switch from the console. The default console configuration settings allow a console user to reach both user mode and enable mode without supplying a password. These defaults make some sense, because when you use the console, you are typically sitting near or next to the switch. If you can ...

Get CCENT/CCNA ICND1 100-101 Official Cert Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.