Chapter 15. Router Security

Before deploying a router, you should secure it: that is, you should do everything you can to prevent the router from being misused, either by people within your own organization or by intruders from the outside. This chapter describes the first simple steps you can take toward router security ; however, it’s not a complete discussion by any means. I don’t do anything more than point you in the right direction. For more security review and hints, you might want to look at some O’Reilly titles, especially Hardening Cisco Routers by Thomas Akin and Cisco Cookbook by Kevin Dooley and Ian J. Brown.

Securing Enable Mode Access

One of the basic security items you need to protect is access to the enable mode, which allows a user access to the router’s configuration and boot information. You want to protect this mode as much as possible and give access only to people who really need it and who know what they are doing. For this section, we’ll look at setting the enable password , the enable secret command (which provides additional security), and enable privilege levels.

Setting the Enable Password

The enable password grants the user access to your complete router configuration. It’s much like the superuser or root password on a Unix system or like the Administrator password on Windows. It must be guarded carefully. In Chapter 3, I showed how to set the enable password:

    Router(config)#enable password mypassword

The problem with setting the password this way is ...

Get Cisco IOS in a Nutshell, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.